This article details a current Known Issue. When the issue is resolved, the article will be archived.
TIP: See Known Issue Descriptions & Targets for Resolution for information about how Higher Logic classifies issues and the associated target-resolution times.
Over the past few months, we have been focusing on making our Higher Logic Thrive Community (Thrive Community) product safer for you and your community members. As a result of our initiatives around security and privacy, we will remove the Auto Login functionality from our Daily Digests on September 1, 2021.
NOTE: The Auto Login functionality is only enabled for a small subset of our customers. To identify whether you have this functionality, navigate to Admin > Email > Discussions > Digest Templates. On the Digest Templates tab, you will see the Auto Login checkbox, as shown below.
In addition, we will be sending out communications to those customers affected by this change.
What is Auto Login?
Auto Login adds additional parameters to hyperlinks in your community members’ Daily Digests. When a user clicks one of these encoded links, they're automatically logged into your Thrive Community.
We acknowledge that losing this functionality may alter your members’ experience accessing your community. However, given the security risks this functionality presents, we believe removing it is the best course forward not only for you, our customer, but also your members.
During our evaluation of this functionality, we identified the following potential risks:
- Users can freely forward emails and unintentionally allow those recipients to log into the site as them.
- If a user or admin has their email client compromised, a cybercriminal may gain access to your community and post malicious content or gain access to user data.
To ensure that this change does not have a negative impact on engagement, we encourage you to promote safe and secure login practices (such as using a password management tool) to help ease your community member’s experience accessing your Thrive Community.
You have two options:
- Keep Auto Login temporarily enabled on your site until it's removed on September 1, 2021. This gives your organization time to inform your members that this change is coming, if needed.
- Disable this functionality before September 1, 2021 to prevent the possible risks mentioned above.
To disable Auto Login, navigate to Admin > Email > Discussions > Digest Templates. On the Digest Templates tab, uncheck the Auto Login box, and then save the change.
- Severity: Moderate
- Resolution: Currently being worked on.
- Reference ID: 17576