CRM Contact getting email "Your password has been changed on ... by the Admin" everytime we change any field in the CRM

CRM contacts are getting an email stating that their email has been changed when any field is edited.
The email states - “Your password has been changed on [website url] by the admin”.

Question 1:
Is there a setting to turn this off this email workflow? As we use the custom CRM fields to classify customers and additional membership info, I don’t think we want the customer to be notified every time.

Question 2:
Can this be set to only email when the password field is changed?

Question 3:
Is there a workflow notification that we can turn on when the user changes his account information - address, etc via the Secure Zone Update Account form?
I tried adding:
< input type=“hidden” name=“customWorkflows” value=“3” >
,but it doesn’t seem to work with this form

Question 4:
Will CRM account changes be Zapier enabled in the future to keep mailing lists up to date?

Hi @shannonlynd

  1. No setting at this stage.
  2. It is/should be. I think this is a bug on your particular site. I’ve tested this on 3 other sites and cannot replicate it. (can you submit a ticket for this so the team can investigate?)
  3. Not that I’m aware of, but that’s a good idea. Perhaps submit this as a backlog item.
  4. According to the backlog description it looks like CRM is well covered for Zapier integration :slight_smile: Zapier Integration

I had something like this recently. The site was a trial site in the treepl.co domain. My password manager (LastPass) recognised the domain suffix from my Portal Account & when I opened a CRM Contact Record & chose Edit it updated the password field with my Portal Password. I made the updates to the record I intended & saved the record & received an email advising the password had been updated by the Admin & showing my Portal Password in plain text. Drove me nuts for a while trying to work out what happened because there was nothing to show it did. This is a Club Membership site with many extra fields. I took the site live early to change the domain name. As soon as it was using the production domain suffix the problem stopped.

1 Like

I also had this problem. It’s basically any kind of password manager in your browser which autofills the password field.
If password management is switched of in the browser and you open a CRM record with subscription and password, the password field simply stays empty and on save, no changes are made to it as long as you don’t type a new password there. So if the password manager autofills that field, just empty it and no changes are made.
Most importantly: If you don’t do that you might change a user’s password to something else unwillingly which in my experience has the potential to upset users quite a bit and create support cases :-).

@Eugene I wonder if some adjustments to how the password input field is named could prevent this?
I know the autocomplete="off" attribute isn’t really honoured for password fields, but maybe the autocomplete="new-password" might help a bit, or even changing the type="password" to type="text" shouldn’t really be a security issue in this case, would it?

References:
How to turn off form autocompletion - Web security | MDN

html - How do you disable browser autocomplete on web form field / input tags? - Stack Overflow

I’ve added this attribute to the password field. I hope it will help. It will be released in v.6.2.

1 Like

Thanks @Eugene - do we have an ETA on 6.2?

I think @vlad.z or @alex has more information about v.6.2 release.

@A3CS It looks like you can get 6.2 released to your site now if you contact support. I’m not sure if it’ll include this feature as it’s not called out in the backlog documentation

1 Like