# Manage Users _Register users on your TWiki site; change/reset/install passwords; remove user accounts_ ## Authentication and Access Control - [[TWikiUserAuthentication]] describes options of user authentication - [[TWikiAccessControl]] describes how to define groups and how to restrict access to content ## Register User It is not necessary to have user home pages in the TWiki system for Authentication to work - see [[TWikiUserAuthentication]] for details. - [[TWikiRegistration]] is for users to fill out a form - [[NewUserTemplate]] can be changed to customize user home pages, it can optionally use the [[UserForm]] to define user fields as meta data - [[BulkRegistration]] is for administrators to use to set up one or more accounts: either from a table or from an external file ## Change, Reset and Install Passwords - [[ChangePassword]] is for users who can remember their password and want to change it - [[ResetPassword]] is for users who cannot remember their password; a system generated password is e-mailed to them - [[BulkResetPassword]] if for administrators who want to reset many passwords at once ## Removing User Accounts To remove a user account (FredQuimby, who logs in as "fred"): 1. If you are using a `.htpasswd` file, edit the `.htpasswd` file to delete the line starting `fred:` 2. Remove the `FredQuimby - fred` line from the Main.TWikiUsers topic 3. Remove `FredQuimby` from all groups and from all the `ALLOWWEB/ALLOWTOPIC...` declarations, if any.%BR% **_Note:_** If you fail to do this you risk creating a security hole, as the next user to register with the wikiname FredQuimby will inherit the old FredQuimby's permissions. 4. _[optional]_ Delete their user topic Main.FredQuimby. **_Note:_** Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like [[AnUncreatedTopic]]. If you want to make it clear the user is no longer with the organization or has been banished, replace the topic content with a note to that effect. The existance of the UserName topic should also prevent that user name from being re-used, sealing the potential security hole regarding inherited permissions.. **_Related Topics:_** [[AdminDocumentationCategory]]