Feature Requests


Make auto logins secure

Auto logins can be guessed and abused from the contact ID alone. But if they were encrypted, they need not be guessable. I think (possibly with advice from Calvin Alkan) it should be possible to create an encrypted version of each contact ID and store them in a custom field in each CRM. Then that could be used when creating autologin URLs in mailouts instead of the contact ID, and WPF decrypts them on receipt.

Under Review | Category: Logins Addon | Christopher Miller shared this idea | Updated: December 20, 2023

1 thought on “Make auto logins secure”

  1. Yes that’s one strategy. We have another way of doing it at https://wpfusion.com/documentation/tutorials/auto-login-links/#making-auto-login-more-secure

    I’m not sure if this makes sense as a *feature*… because each time we’ve tried to make the auto-login system more secure for specific customers, it’s become less reliable.

    For example, someone changes their email address, or the encryption scheme or hash changes for a specific contact, and the link no longer works. So we’ve ended up spending a lot more time troubleshooting it.

    But we’ll leave this up and if there’s significant interest we could look into building an “advanced mode” option for auto-login, for people who are willing to put in the extra time setting it up.
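
The scheme discussed in this thread, as an added example that is not WP Fusion code and not from either poster: the contact ID is sealed with libsodium's secretbox into an opaque URL token, and a key-version prefix keeps already-mailed links working after a key change, the failure mode the reply describes. The function names, the token layout and the sample contact ID are assumptions made for illustration.

```php
<?php
// Added example, not WP Fusion code: all function names here are hypothetical.
// Keys are indexed by version. They are generated inline so the script runs
// stand-alone; a real site would load them from server-side configuration.
$keys = [
    1 => random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES), // retired key, still accepted
    2 => random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES), // current key
];
const B64 = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
const NONCE_LEN = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;

// Token = base64url(version byte || nonce || secretbox(contact ID)).
function make_login_token(string $contactId, int $ver, array $keys): string {
    $nonce = random_bytes(NONCE_LEN);
    $box   = sodium_crypto_secretbox($contactId, $nonce, $keys[$ver]);
    return sodium_bin2base64(chr($ver) . $nonce . $box, B64);
}

// Returns the contact ID, or null for anything malformed, forged or unknown.
function read_login_token(string $token, array $keys): ?string {
    try {
        $raw = sodium_base642bin($token, B64);
    } catch (SodiumException $e) {
        return null; // not valid base64url
    }
    if (strlen($raw) <= 1 + NONCE_LEN + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null; // too short to hold version, nonce, MAC and an ID
    }
    $ver = ord($raw[0]);
    if (!isset($keys[$ver])) {
        return null; // key version no longer accepted
    }
    $nonce = substr($raw, 1, NONCE_LEN);
    $plain = sodium_crypto_secretbox_open(substr($raw, 1 + NONCE_LEN), $nonce, $keys[$ver]);
    return $plain === false ? null : $plain; // false means the MAC check failed
}

// Constructed sample contact ID.
$old = make_login_token('12345', 1, $keys); // link mailed before key rotation
$new = make_login_token('12345', 2, $keys); // link mailed after rotation
$forged = $new;
$forged[10] = ($forged[10] === 'A') ? 'B' : 'A'; // one character altered in transit
foreach ([$old, $new, $forged, '12345'] as $candidate) { // last: a bare guessed ID
    var_dump(read_login_token($candidate, $keys));
}
```

Because the token depends only on the contact ID and the server-side key, a contact changing their email address does not invalidate it. It remains a long-lived bearer credential, so anyone who obtains the link can still use it.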
