Step 2: if that email exists in the database, ask for password. Otherwise confirm with the user that they are new to the site. Then ask for password twice.
Step 3: done.