As part of our program of continual improvement in application security, we have implemented a mandatory security update for
all accounts. Please read the below carefully and let us know if you have
Effective immediately, all URLs embedded in invitation or reminder emails will no longer
auto-populate a user's invitation code or password into the log-in
screen when clicked. Instead, users will be required to enter their invitation codes or
passwords manually. Invitation codes are, by default, displayed in the user's
invitation and reminder emails, so the only extra step that most users will need
to take is to type or copy the invitation code from the email into their log-in
Why was this change made?
This change is in response to the growing problem posed by malware browser
extensions that secretly steal and publish users' Web site browsing history.
When a URL that includes log-in information is misused by these browser
extensions, user credentials can be compromised. While embedding log-in
information was a valued convenience for our customers, we have decided that the
potential for problems is too great, and have disabled this feature.
While we normally strive to provide advance notice of changes that affect
functionality, this update was classified as a security enhancement and was
given the highest priority. We have not detected any corruption or loss of data
as a result of this potential problem, but rather are working quickly and
proactively to keep your data safe.
What do I need to do?
Most clients will not need to take any action; we have automatically updated
your rater summary invitation and reminder templates to account for the necessary changes. But
please do review your next round of invitations or reminders before sending them
to ensure that they contain the information below. Our apologies for any
inconvenience, and please feel free to contact us if you need help.
Please be sure to INCLUDE the invitation code or password merge fields in all
communications sent to your participants moving forward. As a reminder, the
merge fields are below.