This article details a current Known Issue. When the issue is resolved, the article will be archived.
TIP: See Known Issue Descriptions & Targets for Resolution for information about how Higher Logic classifies issues and the associated target-resolution times.
Description
Over the past few months, we have been focusing on making our Higher Logic Thrive Community (Thrive Community) product safer for you and your community members. As a result of our initiatives around security and privacy, we will remove the Auto Login functionality from our Daily Digests on September 1, 2021.
NOTE: The Auto Login functionality is only enabled for a small subset of our customers. To identify whether you have this functionality, navigate to Admin > Email > Discussions > Digest Templates. On the Digest Templates tab, you will see the Auto Login checkbox.
In addition, we will be sending out communications to those customers affected by this change.
What is Auto Login?
Auto Login adds parameters to the hyperlinks in your community members’ Daily Digests. When a user clicks one of these encoded links, they're automatically logged into your Thrive Community.
We acknowledge that losing this functionality may alter your members’ experience accessing your community. However, given the security risks this functionality presents, we believe removing it is the best course forward not only for you, our customer, but also for your members.
Potential risks
During our evaluation of this functionality, we identified the following potential risks:
- Users can freely forward emails and unintentionally allow those recipients to log into the site as them.
- If a user or admin has their email client compromised, a cybercriminal may gain access to your community and post malicious content or gain access to user data.
To ensure that this change does not have a negative impact on engagement, we encourage you to promote safe and secure login practices (such as using a password management tool) to help ease your community members’ experience accessing your Thrive Community.
Workaround
You have two options:
- Keep Auto Login temporarily enabled on your site until it's removed on September 1, 2021. This gives your organization time to inform your members that this change is coming, if needed.
- Disable this functionality before September 1, 2021 to prevent the possible risks mentioned above.
To disable Auto Login, navigate to Admin > Email > Discussions > Digest Templates. On the Digest Templates tab, uncheck the Auto Login box, and then save the change.
Resolution
- Severity: Moderate
- Resolution: Currently being worked on.
- Reference ID: 17576