Account > IP-Locked Tokens

Warning!

"IP-Locked Tokens" is a security setting in your EBA Account which is enabled by default. Unless you have a specific reason to turn it off (such as a rolling IP address or if you travel a lot), it is highly recommended that this setting stays enabled. Disabling this setting can make your account vulnerable to token theft, granting malicious users access to your account.

"IP-Locked Tokens" can be managed in your EBA Account Security Settings.

When this feature is disabled, a single login token is generated using your account's unique seed. This login token will be used on all of your devices. If an attacker steals this token, they can access your account without your password or 2FA code.

"IP-Locked Tokens" were created to combat this security vulnerability, and they are enabled by default for all accounts. Now, a login token will be generated using your unique seed AND your IP address. This means that a token will only be valid on the IP address where it was generated. For users who access our services from multiple locations (e.g., home and work), your web browser can store several login tokens per account, and the server will authenticate you as long as any stored login token is valid for the current IP.

Regardless of whether this option is enabled, signing out or signing into a different account will remove any stored login tokens on your device, and changing any security settings (including "IP-Locked Tokens") will regenerate your account's seed, invalidating all tokens.

If you have any questions or concerns, feel free to Contact EthanBlaisAlarms.