Account Security and Two-Factor Authentication
Password Requirements
MisarMail requires passwords to be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and symbols. We recommend using a password manager to generate and store strong, unique passwords.
Enabling Two-Factor Authentication (2FA)
- Go to Settings → Security
- Click Enable Two-Factor Authentication
- Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.)
- Enter the 6-digit code from the app to confirm setup
- Save your backup codes in a secure location
Once enabled, you will be prompted for a 6-digit code from your authenticator app every time you sign in from a new device.
Active Sessions
View and manage all active login sessions from Settings → Security → Active Sessions. You can revoke any session remotely — useful if you suspect unauthorized access or if you lose a device.
API Key Security
API keys grant programmatic access to your MisarMail account. Best practices:
- Use separate API keys for each integration or application
- Never expose API keys in client-side code (websites, mobile apps)
- Rotate API keys regularly
- Revoke a key immediately if it is compromised
- Use the minimum required permissions for each key
Team Access and Permissions
Control what team members can access using role-based permissions:
- Admin: Full access including billing and team management
- Editor: Can create and send campaigns and automations, manage contacts
- Viewer: Read-only access to campaigns and analytics
Reporting a Security Issue
If you discover a security vulnerability in MisarMail, please report it responsibly to [email protected]. We review all reports within 48 hours and will notify you when the issue is resolved.