Configuring email confirmations
We recommend enabling every type of email confirmation that Kentico provides. Email confirmations protect users from unwanted mass email subscriptions and inform them of potentially malicious attempts to change their passwords.
Password change via the Forgotten password functionality
When users change their password through the Forgotten password functionality on the Logon form web part, they must do so through a password change link sent to them in a change password request email. If the Send password reset confirmation email option in Settings -> Membership & Security -> Passwords is enabled, the system can also send a confirmation email after the user’s password has been changed successfully.
You can learn more about forgotten passwords in the Forgotten password topic.
Email confirmation for newly registered users
We recommend requiring users to confirm their registrations on your website via email. This protects users and their email addresses from identity theft: it prevents other users from registering with someone else’s email address and then acting as somebody else.
To require the users to confirm their registrations, check the Registration requires email confirmation option in Settings -> Membership & Security.
You can find more information in the New user registration approval and email confirmation topic.
Administrator’s approval of newly registered users
You can configure the system so that accounts are not activated immediately after users register on your website (and confirm the registration via email). Instead, the system requires the site administrator to approve the registration. This is useful for protecting the system from being overwhelmed by fake users and spambots, and it also allows the administrator to verify the users’ identities and the account types they created.
Using this feature improves your website’s security, but it can also significantly slow down the registration process and deter potential users. Whether to use it depends on the purpose of your website and on how important the true identities of users are.
You can find more information in the New user registration approval and email confirmation topic.
Double opt-in
The double opt-in functionality, also referred to as confirmed opt-in or closed-loop opt-in, adds an additional security layer to user subscriptions. When users subscribe to mass emails in a module, the system first sends a confirmation message to their email address. The system adds the address to the subscription mailing list only after the user confirms the subscription by clicking the link included in the message.
Using this functionality is highly recommended, as it protects users from receiving large amounts of unsolicited email without their knowledge. It eliminates cases where someone subscribes with an incorrectly typed email address or submits someone else’s address out of malice.
You can enable double opt-in for these modules:
- Blogs - Allowing users to subscribe to blog comment notifications
- Forums - Managing forum subscriptions
- Newsletters and email campaigns - Enabling double opt-in for newsletters
- Message boards - Enabling message board subscriptions
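The double opt-in flow described above, as a generic sketch added here for illustration. It is not Kentico's implementation; the DoubleOptIn class, the token format, the demo key and the 48-hour lifetime are all assumptions. It shows that an address reaches the list only through a valid, unexpired, single-use confirmation token.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TOKEN_LIFETIME = 48 * 3600  # assumed validity window, in seconds


class DoubleOptIn:
    def __init__(self):
        self.pending = {}         # email -> expiry of the outstanding request
        self.subscribers = set()  # confirmed addresses only

    def _sign(self, email, expires):
        msg = f"{email}|{expires}".encode()
        return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

    def subscribe(self, email, now=None):
        """Record a pending request and return the token for the confirmation email."""
        now = int(time.time() if now is None else now)
        email = email.strip().lower()
        expires = now + TOKEN_LIFETIME
        self.pending[email] = expires  # the address is NOT on the list yet
        return f"{email}|{expires}|{self._sign(email, expires)}"

    def confirm(self, token, now=None):
        """Add the address to the list only for a valid, unexpired, unused token."""
        now = int(time.time() if now is None else now)
        try:
            email, expires_text, signature = token.rsplit("|", 2)
            expires = int(expires_text)
        except ValueError:
            return False  # malformed link
        expected = self._sign(email, expires)
        if not hmac.compare_digest(signature.encode(), expected.encode()):
            return False  # forged or altered link
        if now > expires or self.pending.get(email) != expires:
            return False  # expired, already used, or superseded by a newer request
        del self.pending[email]  # single use: a replayed link is rejected
        self.subscribers.add(email)
        return True
```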