Security

Protect your MentionFox account and the sensitive business intelligence it contains. Enable two-factor authentication, manage passwords, review sessions, and control API keys.

Two-Factor Authentication (2FA)

2FA adds a second layer of protection beyond your password. Even if someone obtains your password, they cannot access your account without the second factor.

Enabling 2FA

1. Go to Settings > Security > Two-Factor Authentication.
2. Click Enable 2FA.
3. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.).
4. Enter the 6-digit code from your authenticator app to verify.
5. Save the recovery codes displayed on screen. Store them in a secure location -- these are your backup if you lose access to your authenticator app.

Disabling 2FA

1. Go to Settings > Security > Two-Factor Authentication.
2. Click Disable 2FA.
3. Enter your current 2FA code to confirm.

Changing Your Password

1. Go to Settings > Security > Password.
2. Enter your current password.
3. Enter and confirm your new password (minimum 12 characters, must include uppercase, lowercase, and a number or symbol).
4. Click Update Password.

If you forgot your current password, click Forgot Password on the login screen to receive a reset link via email.

Active Sessions

Review all devices and browsers currently logged into your MentionFox account.

1. Go to Settings > Security > Active Sessions.
2. You will see a list of sessions with device type, browser, IP address, location (approximate), and last active time.
3. To end a session you do not recognize, click Revoke next to it.
4. To log out everywhere except your current session, click Revoke All Other Sessions.

If you see a session from an unfamiliar location or device, revoke it immediately and change your password.

API Key Management

API keys provide programmatic access to your MentionFox data. Treat them like passwords.

• Generate a key: Settings > API Keys > Generate New Key. The key is shown only once -- copy it immediately.
• Name your keys: Give each key a descriptive name (e.g., "Zapier integration" or "Internal dashboard") so you know what it's used for.
• Revoke a key: Click Revoke next to any key to disable it instantly. Any integration using that key will stop working.
• Rotate keys regularly: We recommend rotating API keys every 90 days, especially for production integrations.

Login Notifications

MentionFox can email you whenever a new device or browser logs into your account. Enable this at Settings > Security > Login Notifications. The email includes the device, browser, IP address, and approximate location, along with a link to revoke the session if you do not recognize it.

Data Encryption

MentionFox encrypts all data in transit (TLS 1.3) and at rest (AES-256). Dossier data, contact enrichments, and credentials are stored in encrypted database columns. API keys are hashed and cannot be retrieved after creation -- only verified.

If You Suspect Unauthorized Access

1. Immediately change your password at Settings > Security > Password.
2. Revoke all sessions at Settings > Security > Active Sessions > Revoke All.
3. Revoke all API keys at Settings > API Keys.
4. Enable 2FA if not already enabled.
5. Review recent activity in the account for any unauthorized changes.
6. Contact support at support@mentionfox.com if you need further assistance.