With Runbox you can ensure that no one but you can access your account by using the Runbox Account Security feature. It  includes 5 sections: Two-Factor Authentication, Manage Services, App Passwords, Last Logins, and Sessions.

Used separately or in combination, these features add extra layers of security to your Runbox account.

Two-Factor Authentication

Two-Factor Authentication (2FA) is a log in procedure where an additional piece of information is required in addition to the account holder’s username and account password.

This additional factor is a code that can only be used once, or for a limited period of time.

Runbox Two-Factor Authentication graphic
Runbox Two-Factor Authentication

Runbox 2FA currently supports Timed One-Time Passwords (TOTP) and One-Time Passwords (OTP) as additional factors. We are planning to expand this with Yubikey or U2F support.

Manage Services

The new Account Security interface lets users disable various services such as IMAP, POP, and SMTP. These are the services used with email apps/programs to access email.

By disabling services not in use, account holders can prevent attempts at unauthorized access to their accounts via those services.

App Passwords

Users can also set up unique passwords for each of their apps or devices, giving them complete control over the access to their account.

If they then happen to lose a device they can simply delete the corresponding app password, effectively disabling access from that device.

Last Logins

This feature shows a list of the most recent login attempts to accounts from each service such as web, IMAP, POP, and SMTP.

If account holders suspect that there have been unauthorized login attempts to their account, they can review this list and take appropriate action.


Here users can see the current logged-in sessions using their Runbox account, easily letting them spot any unauthorized access.