Security
Protect your MentionFox account and the sensitive business intelligence it contains. Use a strong unique password, review active sessions, and control your API keys. (Two-factor authentication is planned but not yet available.)
Two-Factor Authentication (2FA)
Two-factor authentication is on our roadmap but is not available yet. When it ships, you'll be able to add a second login factor from your account settings, and we'll update this page with the steps. Until then, the strongest protection for your account is a long, unique password you don't reuse anywhere else (see below), plus the session and API-key controls described further down.
2FA is coming. In the meantime, use a unique password from a password manager, sign out of shared devices, and rotate your API keys if you suspect one was exposed.
Changing Your Password
- Go to Settings > Security > Password.
- Enter your current password.
- Enter and confirm your new password (minimum 12 characters, must include uppercase, lowercase, and a number or symbol).
- Click Update Password.
If you forgot your current password, click Forgot Password on the login screen to receive a reset link via email.
Active Sessions
Review all devices and browsers currently logged into your MentionFox account.
- Go to Settings > Security > Active Sessions.
- You will see a list of sessions with device type, browser, IP address, location (approximate), and last active time.
- To end a session you do not recognize, click Revoke next to it.
- To log out everywhere except your current session, click Revoke All Other Sessions.
If you see a session from an unfamiliar location or device, revoke it immediately and change your password.
API Key Management
API keys provide programmatic access to your MentionFox data. Treat them like passwords.
- Generate a key: Settings > API Keys > Generate New Key. The key is shown only once -- copy it immediately.
- Name your keys: Give each key a descriptive name (e.g., "Zapier integration" or "Internal dashboard") so you know what it's used for.
- Revoke a key: Click Revoke next to any key to disable it instantly. Any integration using that key will stop working.
- Rotate keys regularly: We recommend rotating API keys every 90 days, especially for production integrations.
Login Notifications
MentionFox can email you whenever a new device or browser logs into your account. Enable this at Settings > Security > Login Notifications. The email includes the device, browser, IP address, and approximate location, along with a link to revoke the session if you do not recognize it.
Data Encryption
MentionFox encrypts all data in transit (TLS 1.3) and at rest (AES-256). Dossier data, contact enrichments, and credentials are stored in encrypted database columns. API keys are hashed and cannot be retrieved after creation -- only verified.
If You Suspect Unauthorized Access
- Immediately change your password at Settings > Security > Password.
- Revoke all sessions at Settings > Security > Active Sessions > Revoke All.
- Revoke all API keys at Settings > API Keys.
- Review recent activity in the account for any unauthorized changes.
- Contact support at support@mentionfox.com if you need further assistance.
