Account Security

Archevi provides multiple layers of security to keep your account safe. Here's what's available and how to make the most of it.

Passkey / WebAuthn Authentication

Archevi supports passwordless authentication using FIDO2 passkeys (WebAuthn). Passkeys are phishing-resistant by design -- they use your device's biometric sensor (fingerprint, face recognition) or security key instead of a password.

Set up a passkey from your account security settings
Works with built-in biometrics (Touch ID, Windows Hello, Face ID) and external security keys
Passkeys cannot be phished -- they are cryptographically bound to the archevi.com domain

Strong Passwords

If you use a password instead of a passkey, choose a strong one:

Use at least 12 characters
Include a mix of letters, numbers, and symbols
Avoid reusing passwords from other services
Consider using a password manager

Two-Factor Authentication (2FA)

Add an extra layer of security with two-factor authentication:

Supports authenticator apps (Google Authenticator, Authy, 1Password, etc.)
TOTP-based codes that refresh every 30 seconds
Backup recovery codes are provided when you enable 2FA -- store them safely

We recommend enabling 2FA for all accounts, especially if you're not using passkeys.

Trusted Devices

Manage and review which devices have access to your account:

View all active sessions from your security settings
Revoke access for any device instantly
Get notified when a new device signs in

Token Security

Archevi uses refresh token rotation for session security:

Refresh tokens are single-use and rotate on every request
If a token is stolen, it expires as soon as the legitimate session uses it
Sessions expire after a period of inactivity

Tips for Staying Secure

Enable passkey authentication or 2FA
Review your active sessions regularly
Don't share your login credentials with others -- use Archevi's family sharing feature to grant access
Log out of shared or public devices

For information on how we protect your data, see How We Protect Your Data.