// secure access

Welcome back

Sign in to your vault. All sessions are JWT-protected with refresh token rotation.

Email Address

Password

👁

Forgot password? · Have a 2FA code?

// new account

Create your vault

One account. Full JWT security stack — access tokens, refresh rotation, and 2FA.

First Name

Required

Last Name

Email Address

Enter a valid email

Password

👁

Enter a password

Password too weak (min 8 chars, 1 number, 1 symbol)

Confirm Password

Passwords don't match

// two-factor auth

Verify identity

Enter the 6-digit code from your authenticator app. Code refreshes every 30 seconds.

Code expires in 30s

Demo: enter any 6 digits — use 123456

// password reset

Reset your key

Enter your email and we'll send a signed, expiring reset link. Valid for 15 minutes only.

Email Address

Good to see you, Gaurav 👋

Last login · just now · 127.0.0.1

🔑

Access Token

JWT signed with HS256. Expires in 15 minutes to minimise exposure window.

● ACTIVE · 14:32 left

🔄

Refresh Token

HttpOnly cookie. Rotates on every use — old tokens are immediately blacklisted.

● ROTATION ON

🛡️

Rate Limiting

5 attempts per 15 min per IP. Progressive delays prevent brute-force attacks.

● ACTIVE

📲

Two-Factor Auth

TOTP-based second factor via authenticator app. Adds a critical layer on top of passwords.

● DISABLED

GK

Gaurav Kumar

gaurav@example.com

First Name

Last Name

Email

Phone

Live view of your current access token — decoded in-browser. The signature is never transmitted to untrusted clients.

Header

algHS256

typJWT

Payload

subusr_001

emailgaurav@...

roleuser

iat–

exp–

Two-Factor Authentication

Require TOTP code on every sign-in

Login Notifications

Email alert for each new session

Refresh Token Rotation

Invalidate old tokens on refresh

Strict IP Binding

Invalidate session on IP change

2FA Setup

Scan this QR code with Google Authenticator or Authy.

Secret: JBSWY3DPEHPK3PXP