==== Always sign your tokens

The foremost measure to enhance JWT security is to ensure that every JWT you
issue is signed. Unsigned tokens are like open books that anyone can tamper
with. Signing your JWTs ensures that any alterations to the tokens after they
have been issued can be detected. Most JWT libraries support a signing function,
and using it is usually as simple as providing a secret key when the token is
created.

==== Choose a strong cipher algorithm

It is not enough to merely sign your tokens. You need to sign them with a strong
cipher algorithm. Algorithms like HS256 (HMAC using SHA-256) are considered
secure for most purposes. But for an additional layer of security, you could use
an algorithm like RS256 (RSA Signature with SHA-256), which uses a private key
for signing and a public key for verification. This way, even if someone gains
access to the public key, they will not be able to forge tokens.