New Member Password Generation: The Many Roads to Rome

Passwords
This Article Applies to

Overview

PasswordsRegardless of how what kind of membership site you create, there are a few functions that are universally used and implemented across all sites.

Chief among these is the task of generating a password. Infusionsoft does not have a native password generation ability, so it’s up to Memberium and other helper apps to do the job.

The Methods

Registration Form

Memberium provides a shortcode to build simple membership registration forms for your new users. [memb_registration_form] can be used either to enable the new member to select their own password, or a password can be generated for them.The advantage of using the [memb_registration_form] shortcode over a webform, is that it does extra security checks and will now allow a visitor to re-register with a different password if the account has already been registered. It also has features to require fields, autogenerate passwords, autologin the member after registration, and provide verification fields for the the password input.

You can read more about the Registration Form shortcode here

MakePass HTTP POST

The tried and true method for generating passwords is to run an HTTPS POST from an actionset or campaign to signal Memberium to create the password and the WordPress user. The benefit of this method is that the password is created immediately on-demand.

The drawback of this method is that the system relies on the HTTP POST being made successfully from Infusionsoft to Memberium. Real-world factors that can cause this to fail are: Web hosts blocking Infusionsoft’s IP addresses, security software mistaking the HTTP POST for an attack, security plugins blocking the HTTP POST, mistakes setting up the HTTP POST, the HTTP POST page redirecting to another page, SSL certificate incompatibility or connection errors.

You can find pre-created HTTP POSTs in Memberium->Settings->HTTP POST/Links tab.

In case you are experiencing problems with HTTP POST password generation, you can check this Ultimate Guide to Fixing Password Generator HTTP Post Issues or you can contact us here.

MakePass Scanner

The MakePass scanner is the latest method to create passwords for new members. Rather than using an HTTP POST, this new feature scans your Infusionsoft contact database for new members, generates passwords for them, and then runs a completion action on each contact. The scans run every three minutes. You can configure your MakePass scanner by going to Memberium->Sync Options->Operations.

Screen shown in Memberium => Sync Options => Operations tab.

As each password is generated, a tag will be applied or an actionset run.

Makepass Start Tag is used for Memberium to start generating password for a user that has the tag selected in this field.

Makepass Complete Tag is applied automatically by Memberium once the password is generated for particular user. Once selected “Makepass Complete Tag” is applied, Memberium will automatically remove the “Makepass Start Tag” from user record.

In the Makepass Complete Actionset, you can select actionset you want to be run once password generation is complete for particular user.

Contacts Per Scan is the limit on how many times Memberium tries to generate passwords for at a time. Maybe 15-20 depends on how long the server will let the script run. Currrently, default value for this is “20” and in most cases, there is no reason to increase or decrease this value.

You can read more on how MakePass generation works here.

Example on how should Infusionsoft campaign and sequence look if you are looking to, for example send welcome email to your newly registered users that got their password through Make Pass Scanner
Our Recommendation
We only recommend using the Makepass Scanner over the HTTP POST if you’re having problems with the HTTP POST. In those cases, please reach out to support so we can help you diagnose your HTTP POST issues.

AutoLogin Link

You can force autologin links to generate passwords using the forcelogin parameter. It is strongly recommended to only use the forcelogin parameter with webforms or orderform autologins.If you use an autologin with a webform/orderform, it is recommended that you take the member to a page with their login information.

You can find pre-created autologin URL’s in Memberium->Settings->HTTP POST/Links tab.

Confirmation Link

Confirmation links are similar to autologin iinks. You embed them into the welcome email, just like an autologin link. When the link is clicked, the user is created in WordPress and the password is generated.
Confirmation vs Autologin
The main difference between the confirmation link and an autologin link is that the confirmation link only works one time.

It’s recommended to have the confirmation link use the redirect parameter to take the user to some kind of page where they will be presented with their username, password.

You can find pre-created confirmation links in Memberium->Settings->HTTP POST/Links tab.

My Fusion Helper

The Password It Helper generates passwords and allows you to store them in your Memberium password field. This feature includes a couple of options to set the length of the password field, the complexity, and whether or not you want you to overwrite any existing passwords.

Because My Fusion Helper is a service hosted on servers guaranteed to be compatible with your HTTP POST, it bypasses the issues caused by firewalls, security plugins, Cloudflare, and incompatible SSL certificates.

My Fusion Helper does not create the WordPress user when the password is created. The user account in WordPress will be created when they login. Because the user isn’t pre-created, this function is not compatible with the “Local Auth Only” option.

My Fusion Helper is an external service and is not included with your Memberium account.

What to Avoid

Infusionsoft Web Forms

Infusionsoft’s web forms are designed for lead capture, not for letting visitors securely choose their own passwords. When the web form is submitted the password in the web form will overwrite any existing password on that contact record. This lets an attacker anonymously replace the password on any of your member accounts by simply knowing the member’s email address and having access to a form with the password field.All is not lost. There are some protections in place on the webforms. Webforms will not overwrite a field if the field is not defined on the form, but is submitted anyway.

Pro Tip
Never use a password fields on any Infusionsoft webform available to the public.

Infusionsoft Order Forms

By default, the Infusionsoft order forms do not support password entry. There is code available that will let you add a password field to your order forms so that customers can choose their own password at signup. These hacks are discouraged for the same reason that Infusionsoft web forms are discouraged.When the order form is submitted, even if the order is not successful the fields on the order form will still update the matching contact, including overwriting an existing password on that contact record.

  • Was this Helpful?
  • YesNo
9 ways to add more value to your membership site

Table of Contents

This Article Applies to

Keep Reading

Want to get some fresh ideas on how you can improve your membership site or course?

Download our free ebook!

Book a Call

Welcome to Memberium!

We are very excited for you to be part of our family. 

We would love to answer any questions that you have!

Please choose the best time for you to get in a call with us. 

For Technical Support, you can contact us at https://keap.memberium.com/support/ or Email us at support@memberium.com.