1. Home
  2. AccessAlly
  3. Basic Setup
  4. Should You Send Passwords in a Welcome Email?

Should You Send Passwords in a Welcome Email?

With AccessAlly, you decide whether or not to store member passwords in a way that would allow you to send people their passwords in an email.

For security and privacy reasons, including the GDPR, you may decide not to store and send passwords via email. Or, you might decide that your members may benefit from being able to autologin or see their passwords because they aren’t as tech savvy or they aren’t storing any sensitive data inside your membership site.

Let’s look at how to do both options.

Members Can Always Reset Their Own Passwords

Any member on an AccessAlly site can reset their passwords through the default WordPress reset password functionality… by clicking on the “Lost my password” link on your site’s login page.

Login Page Screenshot - Lost Password

If they aren’t receiving these password reset emails, consider using Amazon SES to send these emails because it improves deliverability.

Ways to Avoid Sending Passwords by Email

In the Onboarding Wizard you can select this checkbox to disable saving passwords inside of your CRM.

Screenshot: Don't store passwords

For Free Opt-ins

For a free opt-in, you can use the On Demand Login functionality to automatically log someone in after they opt-in. From there, they can set or re-set their password on an “Update Account” page.

Note that the On Demand login will not log people in if they already have an existing account on the site – instead it will ask them to enter their username and password. This is done for security reasons, so that a stranger doesn’t use someone’s email address to gain access to their account.

For Paid Products

For a paid product purchase, you can use AccessAlly’s order forms settings to show the user their password immediately after check out like this.

Automatically Log people in

You could also automatically log people in after a purchase, and follow the same steps to have them reset their password on an “Update Account” page.

If a member already exists, you can use Snappy Login Links™ to have a one-time expiring link sent to a member’s email address that allows them to login without a password.

This is a secure way of having people login even if they forgot their password, because it is tied to their email account.

Login Page Screenshot - Snappy Login

Read more about Snappy Login Links™ and their benefits here.

Storing and Using Passwords

Onboarding Wizard - Password Custom Field

If you do want to store a member’s password so you can send it to them via email, or you’re using a third party shopping cart to connect through your CRM – you have a few ways to manage these passwords.

You can insert the password into an email through your CRM by using the password custom field you selected.

You can also create autologin links that use the person’s password, so they will automatically be taken inside of the membership site without logging in.

Note about Infusionsoft/Keap's storage of passwords

Update: As of May 2020, Infusionsoft no longer allows administrators to see the passwords stored in the built-in Password field.

Screenshot of Infusionsoft password field updates

This means that a business owner may not see their membership site members’ passwords through Infusionsoft. The passwords can still be merged into an email.

If you’re not worried about your Infusionsoft administrators being able to access the password field, you can create a new field that is not “hidden” to Infusionsoft admin users. Learn how to create your own custom field in Infusionsoft so you can assign it as your AccessAlly password field.

Updated on May 28, 2020

Was this article helpful?

Related Articles


If you have any questions, we're just an email away.

We take your success seriously, and you'll always get a speedy reply from a real person during business hours.


AccessAlly is the #1 WordPress Course and Membership Solution for Industry Leaders


You'll get follow-up emails about AccessAlly and new features. Opt out anytime. Full privacy policy here.