# Best Practices To Protect Authentication Tokens

We outline the best practices for users to follow when using our Mobile Application so that they can safeguard themselves against malicious attacks targeted at them.

  1. Use a valid Email address to verify your identity. Temporary Email Addresses are not allowed in our System.

  2. Protect your Email Inbox and do not allow anyone to access your Email. HexaEight sends QR Code emails for verification to your Inbox, so if anyone gets access to your Inbox, they may be able to steal your identity and impersonate you.

  3. If you open an Inbox such as Gmail on your Mobile phone, set up an App Lock so that no one can access your Inbox without your knowledge.

  4. Set a strong Password for your Email Authentication token. Remember every Vault is associated with an email address, and the email address is associated with a single Email Login Token and protected using a password which only you know. So set a strong Password which you can remember.

  5. Remember that the same Email Authentication token can log you into multiple websites or applications. So you need to ensure that you just remember this one strong password and NEVER EVER EVER EVER share the password with anyone.

  6. If you happen to forget your password, just delete the existing Email Authentication Token from your mobile, generate a new one using the Mail button, and follow the same verification process to confirm your identity. You can then use the new password to log in instantly to your favorite apps and websites.

  7. There may be times when you need to trust someone with access to a particular site or application that displays a HexaEight QR Code for authentication. Do not give them your mobile phone and password and ask them to use it to log in. Instead, if you trust the person, scan the QR Code remotely via a Video call and then give them access to your account.

  8. Lastly, whenever you type the authentication password in the HexaEight Mobile App, the password is stored in the Phone memory until it is closed. Make sure to close the HexaEight App if you don't plan to use the app for a longer period of time: swipe up from the bottom on the Phone, hold, then let go, and then swipe up on the HexaEight Authenticator app to close it.