These settings cover the following restrictions:

• Enable or disable logging in to the web interface with a password (without it, you need a third-party authentication provider such as Google)
• Enable or disable password authentication for Git over HTTPS (without it, a personal access token is needed)
• Enable or disable two-factor authentication (with a grace period that determines how long a user can wait during configuration)

It is possible to use a hardware token device as a second factor, as you can see in the following screenshot (this only works in Chrome):

You can also choose to use a code generator app such as Google Authentication:

You can also set a home page URL here, which is where non-logged-in users will be redirected to. In the same way, you can define an after-sign-out path, where users will be led to when they sign out.

Finally, it's also possible to set a standard sign-in text to be visible on the login page.