Security is important to you. It's important to us, too. We provide a range of options to let you keep your email secure.

Password Encryption

How to keep your password secure is one of our favorite topics. We try to make sure we're doing our best to keep our copy secure, too.

Our encryption algorithm is bcrypt, and we use unique salt and expensive key generation to hash your passwords. Our maximum password length is 72 characters. You can use virtually all special characters, as long as they're printable ASCII.

Two-step Verification optional

Two-step verification means you cannot log in with your password only -- you need a second authentication "token". We use time-based one-time passwords (TOTP) as the second token.

To use two-step verification, you add an app to your smart phone. You will use the app to scan the QR code we give you, and the app will generate the token you'll need to log in.

App-specific Passwords optional

App-specific passwords let you use your main password for account administration only, and use separate passwords for email clients or SMTP access from another service like Gmail.

App-specific passwords can be revoked at any time from the Pobox site, and can be for SMTP only or SMTP+IMAP.

Recovery Options

For accounts that use email forwarding, password recovery sends a password reset link to your forwarding address.

You can also set up a backup recovery address that doesn't get forwarded mail, like your spouse or work address, in case you're ever locked out.

Additional Administrators optional

If you're your family's technical guru, we also want to make it easy for you to help (without having to reset a family member's password every time they have a question.)

Accounts can invite other Pobox users to be additional administrators (or its set up automatically if you run a group. Once you accept the invite, you can log in with your own credentials, and see them in your Users section!