HexaEight Authenticator Mobile App

Our Mobile App Issues Free Digital Authentication Tokens To Anyone With a Valid Email Address

For IOS and Android
Available for Android in Google Play Store
Available for iPhones in iOS App Store
Also available in Amazon App Store

HexaEight Mobile Application

HexaEight Mobile Application allows any user having a valid Email Address to register with our Platform. Upon successful verification of the Email Address, an Email Digital Token is issued which is stored in the Mobile Application. Users can use the Digital token to scan HexaEight QR Codes to login to any Website or AI Powered Application that integrates with HexaEight Authentication. 

Every Digital Token is associated and secured by a Password that is known only to the user.  Digital Token Passwords are never stored on the Mobile.  In the event the user forgets the Digital token password, they can delete the  token and request for a new Digital token with a different password. 

NOTE : Our Platform does not allow users to obtain a Digital Token using  temporary email addresses.

How To Download Our Mobile App?

SCAN

This QRCode

To Download Our
Mobile App From
Google Play Store

SCAN

This QRCode

To Download Our
Mobile App From
Apple Play Store


Note: Some older versions of Android Phones complain that they cannot access Location or read files from storage even though the permissions are granted in the Mobile App. In such cases, you will need to open the App permissions and specifically enable access to the Location, Storage and Camera. In addition, you will also need to enable Google Location services for the location information to be available for the app.  We primary use Location services to detect fraud if your email ID is used for malicious purposes, hence our app will not function without access to Location, Storage and Camera.

How To Create Your Digital Token

Watch This Video To Create Your First Digital Token

Note: When you generate an Email Login Token Request, if you do not receive an email, make sure you check your Spam or Updates Folders for the Email. Our Platform will not send an email if it detects an temporary email address is given as your vault address. If you believe you have still not received the email, you can uninstall the app and begin the process and try again. There is a maximum of three tries you can attempt to request for an Email Login Token Request. If all three tries are exhausted, your email address will be blocked from our system. If this happens, please reach out to HexaEight Team for assistance

How To Create Captcha Tokens

Captcha Tokens provide one-time access codes when configured to point to a token server. You can create Captcha Tokens for multiple token servers by entering the server's URL during the setup process.
In some cases, you may be asked to configure the token server address without using HTTPS. Rest assured, this is completely secure because our patent-pending technology ensures safe communication between the token server and the mobile application, without relying on HTTPS for encryption.  



Remember you can always visit the http(s)://tokenserverurl/api/resourceinfo to get the identity information of the Token Server.

How To Create Resource Tokenss

Resource tokens allow owners and developers to configure machines to work with HexaEight products.

If you are a developer or machine owner needing to install the HexaEight Token Server using a domain name, you will require a valid resource token to complete the verification process.

Please note that to add a domain resource token to your email vault, your email address must belong to the same domain or parent domain. Additionally, you need the ability to verify the hostname by adding a TXT record to your domain's DNS server.

ID Verification

Our mobile application allows end users to create a Digital Token using just their email address. However, this alone is not sufficient to verify their identity. To establish identity, users can submit identity verification documents through our app for review.

For users in India, we accept Aadhaar Offline Zip file linked to their email address as well as Passports. For users in other countries, we accept passports or other digitally signed documents for identity verification.


By completing the ID verification process, the photo in your ID document will be automatically linked within your user profile. This enables you to verify your identity to third parties by simply displaying your user profile through our application. Additionally, if you've activated our deep fake detection technology to protect your photos and videos, your profile photo will be shown to others when they verify the integrity of any media you've shared. This allows them to confirm authenticity without revealing your email address. Keep in mind that your Digital Token is linked to your photo, so any attempt to tamper with the image will prevent access to your Email Vault.

Remember we will request a video meeting to confirm your identity. Once your documents are submitted via the app, you can proceed with an ID verification request using the button below. 

Steps To Upload Documents

Follow the below Steps to upload your ID documents for verification.

In your vault page, Tap on the + symbol next to authentication tokens that would popup a list of choices

Choose ADD A PHOTO IDENTITY OPTION. In the subsequent choices,

Choose Password Protected Zip file if you are uploading a Digital Identity document like Offline Aadhar zip file or something similar.

Choose Image Document in case you are uploading a scanned photo of your identity document.

Choose Scan Document in case you wish to scan your identity document.

In the next section, based on your choices, you will be asked to upload your document and take a selfie. Upon Document submission, you will get a reference ID that can be used to request for ID verification using the below button.

Note: For India users, we do not use your Offline Aadhar zip file to perform Aadhar number verification, nor do we need you to disclose your Aadhar number. We will only use the email and photo available in the offline zip file for verification

How To Add Profile Photo

Once you have completed the ID verification process, you will need to delete your existing Email Digital Token and follow the same process of creating a new Digital Token. Before setting your password, make sure to add your zip file or image artifact to your Vault by tapping on the (+) button as shown in the image. This will allow your photo to be retrieved and added to your profile.

If you used an offline zip file for verification, keep it safe and ensure you add it each time on any mobile device where you create your Digital Token. If your ID verification was completed using a passport, you will receive a profile picture that must be uploaded using the image artifact to set your profile picture.

If you lose your offline zip file or the profile picture provided by our support team, you will need to re-submit your documents and initiate a new ID verification request.

Note: Users providing Aadhaar zip files do not need to request ID verification for their first attempt to add their profile picture. However, subsequent changes will require the ID verification process to be followed.

Frequently Asked Questions

1. How Is Our Mobile App Different From Other Authenticator Apps?

Most Mobile Authenticator apps in general are not protected and they are best used as a second factor authentication by displaying a code associated with an email address.  Anyone having access to the mobile, can easily open the Authenticator app and access the two-Factor security code.

HexaEight Authenticator Mobile App on the other hand uses a Digital Token protected by a password. Because the password for the Digital token is never saved on the mobile and is only known to the user, it is impossible for others to impersonate simply by taking the phone and accessing the Digital token.

2. How Do I physically Verify the identity of another email user using our Mobile App?

At times, we may wish to verify another user's identity by validating their email address if you have been dealing with them solely through their email address, such as when you are talking to someone over chat or over the phone with a support representative, or meeting someone unfamiliar.

There may also be occasions when hackers may attempt to send you a link containing QR Codes which must be decoded using HexaEight Digital Tokens. As a human user, if you are suspicious of the other user who you're interacting, you should immediately verify the other user's identity using our physical verification process as described below.

To aid this effort HexaEight provides a simple verification process for any user to identify the other user by performing the below steps.

In the below depicted example Alice wants to verify the email address of Bob whose email id is bob@anyemail.chat. Alice and Bob follow the below sequence of steps to complete the verification process.  

a)  Alice opens HexaEight Mobile App and Taps VERIFY IDENTITY button located in the Home Tab.

b)  Alice choses, YES when prompted for a new Identity Token. She is shown a QR Code 

c)  Alice shows (or transfers) the QR Code to Bob and asks him to scan the QR Code using his Digital Token associated with his email address


d) Bob scans the QR Code using his Digital Token associated with his email address and if the process is successful is shown a response  QR Code which he shows (or transfers) back to Alice.

e) Alice taps the back button on the mobile and uses the scanner app to scan the QR Code given by Bob.

f) Upon Scanning the QR Code, If Bob's email address is valid, Alice will see a success message on her mobile along with the email address thus completing the verification process.


NOTE: Alice and Bob can share the QR Code through any channel and complete the verification process.

3. Is it possible for a automated bad bot to use HexaEight Authentication and still login and mimic a human user?

Our mobile app does NOT provide any interface for bots. To thwart automated programs, we have implemented some complex screen interactions in the mobile app to prevent bots from being able to interact with our app smoothly.  However, it may be possible on a very rare instance for a bot to bypass our check.  Since our platform monitors the behavior of normal users, its easy for us to catch a bot trying to mimic human user by automating our authentication process. Whenever an email id is suspected of bot behavior, we may temporarily or permanently ban the email id from using our app unless the email owner can prove that their actions were misinterpreted as a bot 

We also provide a feature in our Token Server, to ban email addresses by adding a deny rule to authorization policies.  This can benefit anyone using our services to block an email id instantly on their token server, in the event they detect that the email was used to mimic a human user.  

Similarly, we empower any human user, to be able to detect a bot by providing a feature for physically (or virtually) verifying the other email user, this feature is very useful, if a human user suspects that the person at the other end not behaving as a normal human user and might be a bot.  We hope that these steps will allow anyone using our platform to distinguish users and bots. 

If you are a Developer, please visit our Mobile App section page in our Document section for more details

Developer Documentation

Privacy Policy

Terms of Use

© Copyright 2024 HexaEight - All Rights Reserved
HexaEight Trademark is held by HexaEight. Various trademarks are held by their respective owners.