> ## Documentation Index > Fetch the complete documentation index at: https://docs.octav.fi/llms.txt > Use this file to discover all available pages before exploring further. # Authentication > How authentication works in Octav Learn about Octav's secure, passwordless authentication system and best practices for protecting your account. {" "} Passwordless email authentication {" "} Industry-leading security standards {" "} Read-only platform, your keys stay safe {" "} Encrypted connections and secure storage *** ## How Sign-In Works Octav uses passwordless authentication via email magic links for a secure, convenient experience. Go to [pro.octav.fi](https://pro.octav.fi) {" "} Enter your email address on the login page {" "} Look for an email from Octav with your magic link (check spam folder if needed) {" "} Click the link in the email to instantly sign in No password needed - you're now signed in securely **Passwordless Authentication** — Magic links eliminate the need for passwords, reducing the risk of password theft, phishing, and credential reuse. *** ## Why Magic Links? ### More Secure Than Passwords Can't reuse credentials from breached sites No risk of weak or guessable passwords Harder to phish than traditional credentials Proves you control the email address ### Simpler & Faster **Benefits:** * No passwords to remember * No password reset flows * No password complexity rules * Faster sign-in process * Works on any device **One Click Access** — Magic links provide secure access with just one click from your email. ### Technical Details **Magic Link Flow:** 1. You enter your email address 2. Octav generates a unique, time-limited token 3. Token is sent to your email 4. You click the link containing the token 5. Octav validates the token and creates a session 6. You're signed in securely **Security Features:** * Tokens expire after 15 minutes * Single-use tokens (can't be reused) * Secure token generation * HTTPS encryption in transit *** ## Magic Link Best Practices **Protect Your Email Account:** * Use a strong, unique password for your email * Enable two-factor authentication on your email account * Don't share your email credentials * Use a reputable email provider **Email Access = Account Access** — Anyone with access to your email can sign in to your Octav account. Secure your email with strong authentication. **Magic Links Expire:** * Links are valid for 15 minutes * Each link can only be used once * Request a new link if yours has expired * Old links become invalid after use **If Your Link Expired:** 1. Return to [pro.octav.fi](https://pro.octav.fi) 2. Enter your email again 3. Request a new magic link 4. Check your inbox for the new link **Always Verify:** * Official domain: **pro.octav.fi** * Look for HTTPS in the address bar * Check for the padlock icon * Bookmark the official site **Red Flags:** * Suspicious domains (octav-login.com, octav.io, etc.) * No HTTPS encryption * Unusual email sender addresses * Unexpected login requests *** ## API Authentication For developers integrating with the Octav API. {" "} Complete API authentication guide {" "} Manage your API keys **API Authentication Methods:** * **API Keys** - For server-to-server communication * **JWT Tokens** - For client-side applications [View complete API documentation →](/api/authentication) *** ## Account Security ### Read-Only Platform **Your Keys Stay Safe** — Octav is a read-only portfolio tracker. We never ask for private keys or seed phrases, and we cannot execute transactions on your behalf. **What Octav Can See:** * Your wallet addresses (that you provide) * Public blockchain transaction data * Token balances and positions **What Octav Cannot Access:** * Your private keys * Your seed phrases * Your exchange credentials * Ability to move your funds ### SOC 2 Compliance **Design Compliance** Security controls properly designed **Operational Compliance** Security controls operating effectively over time **What This Means:** * Industry-leading security standards * Regular third-party security audits * Comprehensive security controls * Data protection best practices * Continuous monitoring and improvement *** ## Data Protection ### How We Protect Your Data **Encryption:** * Data encrypted in transit (TLS 1.3) * Secure data storage * API keys encrypted at rest * Secure communication protocols **Infrastructure:** * SOC 2 Type 1 & Type 2 certified * Regular security audits * Monitored 24/7 * Secure hosting infrastructure ### Your Privacy Matters **We Never:** * Sell your personal data * Share data with advertisers * Track you across other websites * Ask for private keys or seed phrases **We Only Collect:** * Email address for authentication * Wallet addresses you provide * Public blockchain data * Essential account information ### Data Control **You Can:** * Access your data anytime * Export your data * Delete your account and data * Control what wallets we track **GDPR & CCPA Compliant:** * Right to access * Right to deletion * Right to portability * Right to correction [View Privacy Policy →](https://pro.octav.fi/privacy) *** ## Need Help? ### Account Access Issues If you're having trouble signing in or accessing your account, please contact our support team. Make sure the magic link hasn't expired (15 minute limit) {" "} Magic link emails may sometimes end up in spam {" "} Try requesting a new magic link if yours expired If issues persist, email [info@octav.fi](mailto:info@octav.fi) **Account Recovery** — For account access issues, please contact [info@octav.fi](mailto:info@octav.fi) with your account email address. ### Support Options {" "} [info@octav.fi](mailto:info@octav.fi) {" "} Community support {" "} Get help from our team