On Security page click Registration and passwords to create user self-register page, password reminder, change password pages.
To create new user registration page, select the corresponding checkbox and click Choose fields to select fields that will appear on the registration page.
Select Send activation link checkbox to send email with activation link to a user after the registration. The purpose of the activation link is to ensure that the user signs up with a real, active email address that they own. This limits the number of times someone can sign up, and prevents people who have been booted off a site from signing up again multiple times with fake email addresses. User access is denied until activation link is open in the browser. Select one of the existing fields or create new one to store activation flag. This field needs to be numeric (Number, INT or TINYINT).
If you need to customize email templates that will be send to the users/admins when a new user is registered use the Email templates dialog.
Click on the Email templates button to open the dialog where you can customize email templates that will be send to the users.
If you are going to use Send email to user or Remind password page options, do not forget to choose a field where user email is stored.
Restrict weak password option allows to restrict using of weak passwords. You can select minimum password length, number of unique characters, digits or symbols.
Option to use industry standard BCRYPT hashing algorithm. Send password reset link to user's email, link expires in 24 hours.
You can also hash your passwords manually using events
For instance, you want to provide admin with direct access to the login table. To do so this enable the "Encrypt passwords" option and add the following code to BeforeAdd/BeforeEdit events of login table:
values("password") = getPasswordHash(values("password"))
values("password") = md5( values("password"))
You can add CAPTCHA to the remind password page and new user registration page (select the corresponding Display CAPTCHA checkbox). CAPTCHA is a simple test to determine if a user is a computer or a human. It is used to prevent spam abuse on the websites. Click CAPTCHA settings and choose what CAPTCHA to use: Flash-based CAPTCHA (it is simple but doesn't work on most mobile devices) or Google reCAPTCHA.
To use Google reCAPTCHA, register your web site at https://www.google.com/recaptcha/intro/index.html, copy site key and secret key there and paste them into the CAPTCHA settings.
Remind password page with Flash-based CAPTCHA:
New user registration page with Google reCAPTCHA:
Here you can enter SMTP server settings and email which will be used to send emails to users. Note that SMTP server and SMTP server port settings may differ from the stated in the example below. Contact your Mail Service Provider to get necessary information.
To send emails via Gmail, use the following settings:
•SMTP server: smtp.gmail.com
•SMTP server port: 465, choose 'SSL' from dropdown list
•SMTP username: <your gmail address>
•SMTP password: <Gmail password>
If you use two-factor authentication for Gmail you need to generate and use an application specific password.
You can find details on the Gmail Accounts Help page.