diff --git a/src/ZfcUser/Form/ChangeEmail.php b/src/ZfcUser/Form/ChangeEmail.php
index 98798a35..dc1a60ee 100644
--- a/src/ZfcUser/Form/ChangeEmail.php
+++ b/src/ZfcUser/Form/ChangeEmail.php
@@ -58,6 +58,16 @@ public function __construct($name, AuthenticationOptionsInterface $options)
             ),
         ));
 
+        $this->add([
+            'type' => '\Zend\Form\Element\Csrf',
+            'name' => 'security',
+            'options' => [
+                'csrf_options' => [
+                    'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+                ]
+            ]
+        ]);
+
         $this->add(array(
             'name' => 'submit',
             'attributes' => array(
diff --git a/src/ZfcUser/Form/ChangePassword.php b/src/ZfcUser/Form/ChangePassword.php
index 0dabd0bc..8b8ec05f 100644
--- a/src/ZfcUser/Form/ChangePassword.php
+++ b/src/ZfcUser/Form/ChangePassword.php
@@ -59,6 +59,16 @@ public function __construct($name, AuthenticationOptionsInterface $options)
             ),
         ));
 
+        $this->add([
+            'type' => '\Zend\Form\Element\Csrf',
+            'name' => 'security',
+            'options' => [
+                'csrf_options' => [
+                    'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+                ]
+            ]
+        ]);
+
         $this->add(array(
             'name' => 'submit',
             'attributes' => array(
diff --git a/src/ZfcUser/Form/Login.php b/src/ZfcUser/Form/Login.php
index 740c314f..35ed77da 100644
--- a/src/ZfcUser/Form/Login.php
+++ b/src/ZfcUser/Form/Login.php
@@ -56,6 +56,16 @@ public function __construct($name, AuthenticationOptionsInterface $options)
         //$csrf->getValidator()->setTimeout($options->getLoginFormTimeout());
         //$this->add($csrf);
 
+        $this->add([
+            'type' => '\Zend\Form\Element\Csrf',
+            'name' => 'security',
+            'options' => [
+                'csrf_options' => [
+                    'timeout' => $this->getAuthenticationOptions()->getLoginFormTimeout()
+                ]
+            ]
+        ]);
+
         $submitElement = new Element\Button('submit');
         $submitElement
             ->setLabel('Sign In')
diff --git a/src/ZfcUser/Form/Register.php b/src/ZfcUser/Form/Register.php
index 9da9e4e6..206fbd26 100644
--- a/src/ZfcUser/Form/Register.php
+++ b/src/ZfcUser/Form/Register.php
@@ -24,6 +24,16 @@ public function __construct($name, RegistrationOptionsInterface $options)
 
         parent::__construct($name);
 
+        $this->add([
+            'type' => '\Zend\Form\Element\Csrf',
+            'name' => 'security',
+            'options' => [
+                'csrf_options' => [
+                    'timeout' => $this->getRegistrationOptions()->getUserFormTimeout()
+                ]
+            ]
+        ]);
+
         if ($this->getRegistrationOptions()->getUseRegistrationFormCaptcha()) {
             $this->add(array(
                 'name' => 'captcha',
diff --git a/tests/ZfcUserTest/Form/ChangeEmailTest.php b/tests/ZfcUserTest/Form/ChangeEmailTest.php
index 22e835e3..74860906 100644
--- a/tests/ZfcUserTest/Form/ChangeEmailTest.php
+++ b/tests/ZfcUserTest/Form/ChangeEmailTest.php
@@ -21,6 +21,7 @@ public function testConstruct()
         $this->assertArrayHasKey('newIdentity', $elements);
         $this->assertArrayHasKey('newIdentityVerify', $elements);
         $this->assertArrayHasKey('credential', $elements);
+        $this->assertArrayHasKey('security', $elements);
     }
 
     /**
diff --git a/tests/ZfcUserTest/Form/ChangePasswordTest.php b/tests/ZfcUserTest/Form/ChangePasswordTest.php
index 690e3b80..84b2cdfb 100644
--- a/tests/ZfcUserTest/Form/ChangePasswordTest.php
+++ b/tests/ZfcUserTest/Form/ChangePasswordTest.php
@@ -21,6 +21,7 @@ public function testConstruct()
         $this->assertArrayHasKey('credential', $elements);
         $this->assertArrayHasKey('newCredential', $elements);
         $this->assertArrayHasKey('newCredentialVerify', $elements);
+        $this->assertArrayHasKey('security', $elements);
     }
 
     /**
diff --git a/tests/ZfcUserTest/Form/LoginTest.php b/tests/ZfcUserTest/Form/LoginTest.php
index 398a9814..5db22325 100644
--- a/tests/ZfcUserTest/Form/LoginTest.php
+++ b/tests/ZfcUserTest/Form/LoginTest.php
@@ -23,6 +23,8 @@ public function testConstruct($authIdentityFields = array())
 
         $this->assertArrayHasKey('identity', $elements);
         $this->assertArrayHasKey('credential', $elements);
+        $this->assertArrayHasKey('security', $elements);
+
 
         $expectedLabel="";
         if (count($authIdentityFields) > 0) {
diff --git a/tests/ZfcUserTest/Form/RegisterTest.php b/tests/ZfcUserTest/Form/RegisterTest.php
index 005920f8..7084588f 100644
--- a/tests/ZfcUserTest/Form/RegisterTest.php
+++ b/tests/ZfcUserTest/Form/RegisterTest.php
@@ -39,6 +39,8 @@ public function testConstruct($useCaptcha = false)
         $this->assertArrayHasKey('email', $elements);
         $this->assertArrayHasKey('password', $elements);
         $this->assertArrayHasKey('passwordVerify', $elements);
+        $this->assertArrayHasKey('security', $elements);
+
     }
 
     public function providerTestConstruct()