Learn how to set up authentication using a password.
One of the most common authentication methods used today is the humble email and password. With this setup, users that come to your website will need to supply these credentials in order to gain access to their account.
Clerk requires every user to have a verified email address. Verification happens during sign-up, when a one-time code is sent to the supplied email address.
There are a few different ways to set up an email/password user management system in Clerk. You can use Clerk Hosted Pages, Clerk Components, or build a completely custom flow with ClerkJS or Clerk React. The rest of this guide will explain how to set up an email/password user management system using any of the above methods.
To keep your users safe, Clerk follows a "secure-by-default" policy, and we follow all NIST best practices. This includes password validations out of the box.
Before you start
- You need to create a Clerk Application in your Clerk Dashboard. For more information, check out our Set up your application guide.
- You need to install Clerk React or ClerkJS in your application.
The first thing you need to do is enable email address and password-based authentication on the Email, Phone, Username page.
Select Email address for your contact information and Password as your authentication factor.
Don't forget to click on Apply changes at the bottom of the page!
Instead of email addresses, you could also use phone numbers. All you need to do is choose Phone number in the Contact information section.
If the above integration methods don't cover your needs, you can leverage Clerk's APIs to create a completely custom email/password sign-in and sign-up flow.
You will still need to configure your instance for email/password authentication as described at the top of this guide.
Sign up using a custom flow
The email/password sign-up flow requires users to provide their email address and their password and returns a newly-created user with an active session. The important thing to note here is that a user's email address needs to be verified before the registration is completed.
A successful sign-up consists of the following steps:
- Initiate the sign-up process, by collecting the user's email address and password.
- Prepare the email address verification, which sends a one-time code to the given address.
- Attempt to complete the email address verification by supplying the one-time code.
Let's see the above in action. If you want to learn more about sign-ups, check out our documentation on Clerk's sign-up flow.
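The three steps above, as an added example rather than Clerk's own sample code. It assumes `signUp` behaves like the ClerkJS SignUp resource and `setActive` like `Clerk.setActive()`; `makeFakeSignUp` is a constructed in-memory stand-in so the flow runs offline, and the session is activated only when the sign-up status is `complete`.

```javascript
// Added example: `signUp` / `setActive` are passed in so the flow can run without a Clerk instance.

// Steps 1 and 2: collect credentials, then have a one-time code emailed.
async function startSignUp(signUp, emailAddress, password) {
  await signUp.create({ emailAddress, password });
  await signUp.prepareEmailAddressVerification({ strategy: "email_code" });
}

// Step 3: submit the code. A session is activated only when sign-up is complete.
async function finishSignUp(signUp, setActive, code) {
  const result = await signUp.attemptEmailAddressVerification({ code });
  if (result.status !== "complete" || !result.createdSessionId) {
    return { ok: false, status: result.status };
  }
  await setActive({ session: result.createdSessionId });
  return { ok: true, sessionId: result.createdSessionId };
}

// Constructed in-memory stand-in (not Clerk code) so the example runs offline.
function makeFakeSignUp(expectedCode) {
  const state = { status: null, createdSessionId: null, prepared: false };
  return {
    async create({ emailAddress, password }) {
      if (!emailAddress || !password) throw new Error("missing credentials");
      state.status = "missing_requirements"; // email address not yet verified
      return state;
    },
    async prepareEmailAddressVerification({ strategy }) {
      if (strategy !== "email_code") throw new Error("unsupported strategy");
      state.prepared = true; // the real service emails the code at this point
    },
    async attemptEmailAddressVerification({ code }) {
      if (!state.prepared) throw new Error("verification not prepared");
      if (code !== expectedCode) throw new Error("incorrect code");
      state.status = "complete";
      state.createdSessionId = "sess_constructed_example";
      return state;
    },
  };
}

async function demo() {
  const fake = makeFakeSignUp("424242");
  const active = [];
  const setActive = async (s) => active.push(s);
  await startSignUp(fake, "user@example.com", "a-long-constructed-passphrase");
  const wrong = await finishSignUp(fake, setActive, "000000").catch((e) => e.message);
  const right = await finishSignUp(fake, setActive, "424242");
  return { wrong, right, active };
}
```

In a real application the same two functions would be called with the SignUp object and `setActive` obtained from ClerkJS or Clerk React, and a rejected code surfaces as a thrown error to show to the user.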
Sign in using a custom flow
In email/password authentication, sign-in requires users to provide their email address and their password, and authenticates them by creating a new session for the user.
Note that both the sign-in and the sign-up flows are extremely flexible and can cover even the most complicated authentication flows.
While this guide describes an email/password flow, most of it applies to all of the authentication strategies Clerk offers. To learn about all possible setups, check out the Set up your application guide.