Password Requirements

MisarMail requires passwords to be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and symbols. We recommend using a password manager to generate and store strong, unique passwords.

Enabling Two-Factor Authentication (2FA)

1. Go to Settings → Security
2. Click Enable Two-Factor Authentication
3. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.)
4. Enter the 6-digit code from the app to confirm setup
5. Save your backup codes in a secure location

Once enabled, you will be prompted for a 6-digit code from your authenticator app every time you sign in from a new device.

Active Sessions

View and manage all active login sessions from Settings → Security → Active Sessions. You can revoke any session remotely — useful if you suspect unauthorized access or if you lose a device.

API Key Security

API keys grant programmatic access to your MisarMail account. Best practices:

• Use separate API keys for each integration or application
• Never expose API keys in client-side code (websites, mobile apps)
• Rotate API keys regularly
• Revoke keys immediately if a key is compromised
• Use the minimum required permissions for each key

Team Access and Permissions

Control what team members can access using role-based permissions:

• Admin: Full access including billing and team management
• Editor: Can create and send campaigns and automations, manage contacts
• Viewer: Read-only access to campaigns and analytics

Reporting a Security Issue

If you discover a security vulnerability in MisarMail, please report it responsibly to security@misar.io. We review all reports within 48 hours and will notify you when the issue is resolved.