New Member Password Generation: The Many Roads to Rome

Memberium provides a shortcode to build simple membership registration forms for your new users. [memb_registration_form] can be used either to enable the new member to select their own password, or a password can be generated for them.The advantage of using the [memb_registration_form] shortcode over a webform, is that it does extra security checks and will now allow a visitor to re-register with a different password if the account has already been registered. It also has features to require fields, autogenerate passwords, autologin the member after registration, and provide verification fields for the the password input.

You can read more about the Registration Form shortcode here

The tried and true method for generating passwords is to run an HTTPS POST from an actionset or campaign to signal Memberium to create the password and the WordPress user. The benefit of this method is that the password is created immediately on-demand.

The drawback of this method is that the system relies on the HTTP POST being made successfully from Infusionsoft to Memberium. Real-world factors that can cause this to fail are: Web hosts blocking Infusionsoft’s IP addresses, security software mistaking the HTTP POST for an attack, security plugins blocking the HTTP POST, mistakes setting up the HTTP POST, the HTTP POST page redirecting to another page, SSL certificate incompatibility or connection errors.

You can find pre-created HTTP POSTs in Memberium->Settings->HTTP POST/Links tab.

In case you are experiencing problems with HTTP POST password generation, you can check this Ultimate Guide to Fixing Password Generator HTTP Post Issues or you can contact us here.

The MakePass scanner is the latest method to create passwords for new members. Rather than using an HTTP POST, this new feature scans your Infusionsoft contact database for new members, generates passwords for them, and then runs a completion action on each contact. The scans run every three minutes. You can configure your MakePass scanner by going to Memberium->Sync Options->Operations.

As each password is generated, a tag will be applied or an actionset run.

Makepass Start Tag is used for Memberium to start generating password for a user that has the tag selected in this field.

Makepass Complete Tag is applied automatically by Memberium once the password is generated for particular user. Once selected “Makepass Complete Tag” is applied, Memberium will automatically remove the “Makepass Start Tag” from user record.

In the Makepass Complete Actionset, you can select actionset you want to be run once password generation is complete for particular user.

Contacts Per Scan is the limit on how many times Memberium tries to generate passwords for at a time. Maybe 15-20 depends on how long the server will let the script run. Currrently, default value for this is “20” and in most cases, there is no reason to increase or decrease this value.

You can read more on how MakePass generation works here.

You can force autologin links to generate passwords using the forcelogin parameter. It is strongly recommended to only use the forcelogin parameter with webforms or orderform autologins.If you use an autologin with a webform/orderform, it is recommended that you take the member to a page with their login information.

You can find pre-created autologin URL’s in Memberium->Settings->HTTP POST/Links tab.

It’s recommended to have the confirmation link use the redirect parameter to take the user to some kind of page where they will be presented with their username, password.

You can find pre-created confirmation links in Memberium->Settings->HTTP POST/Links tab.

The Password It Helper generates passwords and allows you to store them in your Memberium password field. This feature includes a couple of options to set the length of the password field, the complexity, and whether or not you want you to overwrite any existing passwords.

My Fusion Helper does not create the WordPress user when the password is created. The user account in WordPress will be created when they login. Because the user isn’t pre-created, this function is not compatible with the “Local Auth Only” option.

My Fusion Helper is an external service and is not included with your Memberium account.

Infusionsoft’s web forms are designed for lead capture, not for letting visitors securely choose their own passwords. When the web form is submitted the password in the web form will overwrite any existing password on that contact record. This lets an attacker anonymously replace the password on any of your member accounts by simply knowing the member’s email address and having access to a form with the password field.All is not lost. There are some protections in place on the webforms. Webforms will not overwrite a field if the field is not defined on the form, but is submitted anyway.

By default, the Infusionsoft order forms do not support password entry. There is code available that will let you add a password field to your order forms so that customers can choose their own password at signup. These hacks are discouraged for the same reason that Infusionsoft web forms are discouraged.When the order form is submitted, even if the order is not successful the fields on the order form will still update the matching contact, including overwriting an existing password on that contact record.