---
title: Fundamentals
---

# Fundamentals

These three patterns sit under every Rupt integration. Get them down first; every [guide](/docs/v3/guides) that follows is a variation on one of them with a different policy and different checks.

- **[Login protection](/docs/v3/fundamentals/login-protection)** — don't issue a session while a challenge is outstanding.
- **[Signup protection](/docs/v3/fundamentals/signup-protection)** — bind the new, ID-less user to its challenge so it can't be bypassed.
- **[Access protection](/docs/v3/fundamentals/access-protection)** — stop account sharing on everything in between, tuned conservatively since a false sharing accusation is costly.

Login and signup share the same [challenge flow](/docs/v3/challenge-flow) and differ only in what you hold onto — a session at login, a new user at signup. Access protection is the special case: it's [account sharing](/docs/v3/concepts/account-sharing), runs fully client-side, and optimizes for converting extra users into their own accounts rather than blocking them.