Log In Details

Your username and password are the only way that you can access your account. As such, it is important that only you know what they are, and there are steps you can take to ensure your account remains secure.

If you have activated Two-Factor Authentication, you will also need a Timed One Time Password or your One Time Passwords.

An Important Thought to Begin With

It’s probably not helpful that we call them passwords, because that immediately gives the impression you are supposed to think of a “word” to use for your password. However, using ordinary words is one of the worst things you can do, and in fact it would be more helpful to talk about passphrases. An example of something like a passphrase that is easy to remember is given in the “Better Passwords” section.

Choose a Good Password

Your Runbox password can contain the letters a-z and A-Z, the numbers 0-9, and the following special characters:

+?=()&,.:;-_/*@!#~`#$%^&[]{}|\'"<>

Your password must:

  • Not be the same as your username.
  • Be between 8 and 64 characters long.
  • Contain a mix of characters, numbers, and letters (at least 2 characters, and at least 2 numbers, 2 special characters, or one of both).

Occasionally we see accounts accessed by people who should not have access to them. In the majority of cases when we talk to the account owner about what went wrong we find that they had a very weak password that could be “guessed”. In other cases the password has usually been obtained through phishing or malware on a customer’s computer (see below).

When we talk about passwords being “guessed”, we don’t really mean a person sitting down and thinking, “I wonder what it could be?”, we mean a computer that is set up to quickly try common passwords or other combinations that are known to be popular. This is often called a dictionary attack.

Here are some possible passwords and why they are not a good idea.

Poor Passwords
trees This is a very short password, it is also a common word that would almost certainly be tried during a dictionary attack.
el1m1nate5 This is too short even if it was a good password. This a real word, and it is well known tactic to replace letters with numbers. This password is going to be tried by a hacker.
runbox1479 This is too short even if it was a good password. Any word with numbers after it is still quite vulnerable to a dictionary attack. Using runbox is a bit obvious too.

Here are some better options:

Better Passwords
11vAG,&ZC3}LJ8D This is a good password. It is longer than the ones above and contains a good mixture of upper and lower case characters as well as special characters. It’s not easy to remember though.
soph03111984-Isticated This is a good password and based on a broken up word and a date. It also includes an uppercase character and one special character. It’s easier to remember than the one above.
wood-bicycle-phone-mouse Believe it or not, despite everything we said above about the problems of using real words, this is a pretty good password because it is more like a passphrase. The key to it being secure is that it is long, contains words unrelated to each other or to the user (this is very important) and some special characters. The more words you use the better it becomes as a password/passphrase. It could be made better, but even as it is it is easy to remember and quite secure.

These are only examples, and you should not use any of the ones above as they are now associated with the Runbox website (and by extension Runbox email accounts). There are many ways you could combine easy to remember words or phrases with numbers and special characters to create good passwords.

Stolen Usernames and Passwords

Even if you have a good password it is important that it doesn’t get in to the wrong hands. Password can be stolen by:

  • people looking over your shoulder as you type then in
  • viruses or malware on your computer (we recommend virus software for Mac and PC users)
  • phishing (emails with a link that take you to fake website asking for your log in details)
  • vishing (people telephoning you claiming to be Runbox and asking for your log in details)
  • use of insecure network connections (particularly public WiFi)
  • writing them down on a piece of paper
  • sending them in an email

You should be able to store passwords in reputable password manager software, but you do so at your own risk and Runbox does not accept any responsibility if you do this and your account password is stolen.

Webmail: Runbox enforces a secure connection when you log in to your account from our website at https://runbox.com and as such you should be safe using it with any network (even a public one).

IMAP, POP and SMTP: We offer secure connections using SSL for these services, and in the future will move to a situation where we require you to use a secure connection (i.e. we will remove the option for an unencrypted connection).

Runbox Support will never ask for your password.

Using an Alias as your main Email Address

As both your username and password are required to gain access to your account, it could make sense to make sure your username is not revealed.

When you sign up for a Runbox account in the form @runbox.com we use your chosen username as the local part of your email address. For example, for the username demo, the address would be demo@runbox.com. This is easy for hackers to work out.

All Runbox accounts come with 100 aliases, aliases are alternative addresses for your account that deliver email to your account as if it was being sent to the main address. For example, my.alias@runbox.com could be an alias for demo@runbox.com. If the owner of this account always used my.alias@runbox.com as their main address then nobody would know the username was demo.

It is easy to confirm your Runbox account to use the details of an alias by going to Preferences.

Getting Help

If you have any questions or concerns about the security of your account, please don’t hesitate to get in touch with us at Runbox Support.