Ghost Members are authenticated using a link sent to the member's email address. You may have heard it being called a "Magic link", which is sent to a member's email whenever they want to sign up or sign in to your Ghost site.
To be more technical; Whenever a member uses one of the members forms on a Ghost site, a unique JWT token is created using a HS256 signature. This arrives in the members email inbox as a URL. Clicking the link creates a new secure session and the URL expires after 10 minutes, to ensure security.
Sign up emails won't be sent if member signup has been limited to paying members only.
For users of Ghost(Pro) all email authentication has been done for you. You can set a custom from address in the members settings inside the Labs screen, under email settings.
For members to function correctly on a self-hosted version of Ghost, mail must be configured so Ghost can send emails. Refer to the config documentation to find out more about how to set this up.