In Experience Manager there is a feature, over the login page setting under Event Space menu, that is part of your package already and includes the option to set up layers of protection for restricting access. Some of these settings are:
Protect your app with a passcode of your choosing. Attendees will be required into input this code to gain access to your Event Space.
Require people to log in to view the Event Space
Everyone will be prompted to log in with an email address and password before they gain access to the app. Access will be restricted only to emails associated to people profiles if you have not enabled the "Allow people to sign up and access the Event Space" option during their first Event Space access as well.
Allow people to sign up and access the Event Space
Although this option does not restrict access to the Event Space and its contents, it will prevent users from creating and editing new profiles within the Attendee section.
A more in-depth overview on all available login options you will find over here
Enabling Event Space Security
You do not have to restrict security to one particular option. You can incorporate as many of the available security settings as you wish, simply by selecting the relevant checkbox.
Once you have made your selections, a box will highlight the behavior that will apply to the Event Space based on the settings you have selected.
EventMobi Universal App
Users who attempt to access your event using the EventMobi app will only see the login page, after entering your event code, and requesting the security requirement that has been enabled in the Experience Manager (i.e. passcode and/or email address). Users will not be able to access any of your event information without entering the correct criteria.
Custom Branded Apps
If you are hosting your Custom Branded App under your own developer account within the Apple App Store or Google Play Store, then it is important to note that users will have access to view your app listing and can download the app. Once security is enabled, however, they will not be permitted to log into the app that has been downloaded without providing the correct criteria such as a passcode or email address for verification.