The login page can be customized from its default configuration.  Users will need to login before they can access files unless you make a "anonymous" account which does not require authentication.

If users forget their password, they can have their password emailed to them if you allow them to do so.  If the user's password has expired, the login sequence automatically handles forcing them to assign a new password and enforcing password rules you have configured on the server.

You can also hard code automatic logins by embedding the username and password in the url.  Example: