Login & Registration Security Panel
This panel controls the security settings for login and registration:
Encryption
- Require SSL: Requires the use of https: (NOT http:) for transmitting passwords. In order for this to work, your site must be properly set up for SSL.
- Password hashing during Login: This is useful when you are on http:. It is redundant if you are on https:. You should turn it off when using https:/SSL.
HTTP Authentication / HTTP Authorization
HTTP Authentication: allows logging in to b2evolution using an HTTP Authorization header, as in the "HTTP BASIC AUTH" scheme.
- The first checkbox will return a 401 Unauthorized HTTP response code when requiring a login. This may be needed to trigger clients / proxies to send the Authorization: <type> <credentials> HTTP header. Checking this automatically checks the second checkbox below.
- The second checkbox will accept an Authorization: <type> <credentials> HTTP header on any page of the site (if no user is logged in yet) and automatically log in the user. b2evolution will accept the Authorization: <type> <credentials> header on any page, no matter if a 401 Unauthorized was sent before and no matter if authentication is required or not.
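The two checkboxes above, modelled as a small Python sketch (an added example, not b2evolution's own code; the field names, the sample account and the non-401 login-form response are assumptions). It also shows that Basic credentials are only base64-encoded, so the server recovers the password verbatim, which is why Require SSL matters when this option is enabled.

```python
import base64
import hmac
from dataclasses import dataclass

USERS = {"alice": "constructed-Passw0rd!"}  # constructed sample account

@dataclass
class Settings:  # hypothetical field names for the two checkboxes
    send_401: bool = False            # first checkbox
    accept_auth_header: bool = False  # second checkbox

    def __post_init__(self):
        if self.send_401:             # checking the first checks the second
            self.accept_auth_header = True

def basic_header(user, password):
    """Client side: build 'Basic <base64(user:password)>'."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def parse_basic(value):
    """Server side: recover (user, password), or None if malformed."""
    scheme, _, cred = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(cred.strip(), validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(settings, headers, login_required):
    """Return (status, logged_in_user, body) for one request."""
    auth = headers.get("Authorization")
    if auth and settings.accept_auth_header:   # honoured on any page
        creds = parse_basic(auth)
        if creds and creds[0] in USERS and hmac.compare_digest(
                USERS[creds[0]].encode(), creds[1].encode()):
            return 200, creds[0], "page"
    if not login_required:
        return 200, None, "page"
    if settings.send_401:   # a real 401 also carries WWW-Authenticate
        return 401, None, "challenge"
    return 200, None, "login_form"   # assumed: ordinary HTML login form
```

With only the second checkbox set, a client that sends the header unprompted is logged in even on a public page, while a client that waits for a challenge never receives one.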
Username & Password Complexity
- Minimum password length, Require special characters, Require strict logins: these settings control username & password complexity.
In this panel, you can modify the required password length, enable strict logins, require SSL, enable password hashing during login, and choose whether or not special characters are required for the user-generated passwords.