With AccessAlly, you decide whether or not to store member passwords in a way that would allow you to send people their passwords in an email.
For security and privacy reasons, including the GDPR, you may decide not to store and send passwords via email. Or, you might decide that your members may benefit from being able to autologin or see their passwords because they aren’t as tech savvy or they aren’t storing any sensitive data inside your membership site.
Let’s look at how to do both options.
Members Can Always Reset Their Own Passwords
Any member on an AccessAlly site can reset their passwords through the default WordPress reset password functionality… by clicking on the “Lost my password” link on your site’s login page.
If they aren’t receiving these password reset emails, consider using Amazon SES to send these emails because it improves deliverability.
Ways to Avoid Sending Passwords by Email
In the Onboarding Wizard you can select this checkbox to disable saving passwords inside of your CRM.
For Free Opt-ins
Note that the On Demand login will not log people in if they already have an existing account on the site – instead it will ask them to enter their username and password. This is done for security reasons, so that a stranger doesn’t use someone’s email address to gain access to their account.
For Paid Products
For a paid product purchase, you can use AccessAlly’s order forms settings to show the user their password immediately after check out like this.
You could also automatically log people in after a purchase, and follow the same steps to have them reset their password on an “Update Account” page.
After a Member Is Created, using Snappy Login Links™
If a member already exists, you can use Snappy Login Links™ to have a one-time expiring link sent to a member’s email address that allows them to login without a password.
This is a secure way of having people login even if they forgot their password, because it is tied to their email account.
Storing and Using Passwords
If you do want to store a member’s password so you can send it to them via email, or you’re using a third party shopping cart to connect through your CRM – you have a few ways to manage these passwords.
You can insert the password into an email through your CRM by using the password custom field you selected.
You can also create autologin links that use the person’s password, so they will automatically be taken inside of the membership site without logging in.
Update: As of May 2020, Infusionsoft no longer allows administrators to see the passwords stored in the built-in Password field.
This means that a business owner may not see their membership site members’ passwords through Infusionsoft. The passwords can still be merged into an email.
If you’re not worried about your Infusionsoft administrators being able to access the password field, you can create a new field that is not “hidden” to Infusionsoft admin users. Learn how to create your own custom field in Infusionsoft so you can assign it as your AccessAlly password field.