Snippet Best Practices
There are a few things to keep in mind when you use auto-login Snippets.
If a person forwards an email with an auto-login Snippet to someone else, they've essentially given that person access to log in to their account. Remind people not to share the Message. They might do it anyway, but at least you can sleep well at night knowing you warned them.
We recommend you include a note at the bottom of any message sent with a Snippet stating something like "The link included in this email is unique to you. Please do not forward this message". In fact, you can include this warning in the Snippet itself. That way, you won't forget it!
For example, one popular Snippet is a personalized event registration link:
https://{your church domain}/portal/login.aspx?dg=[Domain_GUID]&cg=[Contact_GUID]&ReturnUrl=/portal/event_signup.aspx?id=[event_ID]
And here's the source code for the Event Sign Up Snippet, with the warning included:
<a href="https://{your church domain}/portal/login.aspx?dg=[Domain_GUID]&cg=[Contact_GUID]&ReturnUrl=/portal/event_signup.aspx?id=0">Event Sign Up</a>. This is a personalized link. Please do not forward this email.
What if someone accidentally shares the link?
If someone shares a personal link, anyone who clicks that link can access that person's account and see their information. If this happens, you can reset that User's GUID and break the link using the Reset User Security Tool.