Account Security
Best practices to keep your SipherMail account secure
Your password is the first line of defense:
- Use at least 12 characters (longer is better)
- Include uppercase, lowercase, numbers, and symbols
- Don't use dictionary words or personal information
- Use a unique password (not reused from other accounts)
- Consider using a password manager
Tip: Passphrases (multiple random words) are often easier to remember and more secure than complex passwords.
2FA adds a critical second layer of security. Even if someone obtains your password, they cannot access your account without your 2FA device.
See the Two-Factor Authentication guide for setup instructions.
Regularly review your account activity to detect unauthorized access:
- Check active sessions in Settings → Security
- Review login history for unfamiliar locations or devices
- Monitor email forwarding and filters for unexpected changes
- Review API token usage if you use API access
Warning: If you see suspicious activity, change your password immediately and revoke all sessions.
Phishing
Be cautious of emails asking for your password or personal information. SipherMail will never ask for your password via email.
Malware
Keep your devices updated and use antivirus software. Malware can steal passwords and session tokens.
Public Wi-Fi
Avoid logging into your account on public networks. If necessary, use a VPN.
Shared Devices
Never log into your account on shared or untrusted devices. Always log out when finished.
- Change your password immediately - Use a strong, unique password
- Revoke all sessions - Go to Settings → Security → Active Sessions and revoke all
- Review account settings - Check for unauthorized changes to forwarding, filters, or recovery methods
- Enable 2FA - If not already enabled, set it up immediately
- Check for forwarded emails - Ensure no emails are being forwarded to unknown addresses
- Review recent activity - Check sent emails and login history
- Contact support - If you need assistance securing your account