To help keep your account secure, we recommend the following best practices:
Additionally, you can select Require personal information to reset my password in your Account settings. If you check this box, you will be prompted to enter either your email address or phone number, or your email address then phone number if both are associated with your account to send a reset password link or confirmation code if you ever forget it.
Two-factor authentication is an extra layer of security for your account. Instead of relying on a password only, two-factor authentication introduces a second check to help make sure that you, and only you, can access your Lobox account. Only people who have access to both your password and your mobile phone (or a security key) will be able to log in to your account.
Read our article on two-factor authentication to learn more.
Phishing is when someone tries to trick you into giving up your Lobox username, email address or phone number and password, usually so they can send out spam from your account. Often, they'll try to trick you with a link that goes to a fake login page.
Whenever you are prompted to enter your Lobox password, take a quick look at the URL in the address bar of your browser to make sure you're on lobox.com. Additionally, if you receive a Direct Message (even from a friend) with a URL that looks odd, we recommend you do not open the link.
Phishing websites will often look just like Lobox's login page, but will actually be a website that is not Lobox. Lobox domains will always have https://lobox.com/ as the base domain. Here are some examples of Lobox login pages:
If you are ever unsure about a login page, go directly to lobox.com and enter your credentials there. If you think you may have been phished, change your password as soon as possible and visit our compromised account article for additional instructions.
Read about fake Lobox emails for more information about phishing through email.
Lobox will never ask you to provide your password via email, Direct Message, or reply.
We will never ask you to download something or sign-in to a non-Lobox website. Never open an attachment or install any software from an email that claims to be from us; it's not.
If we suspect your account has been phished or hacked, we may reset your password to prevent the hacker from misusing your account. In this case, we'll email you a lobox.com password reset link.
If you forget your password, you can reset it via this link.
If we detect a suspicious login or when you log in to your Lobox account from a new device for the first time, we will send you a push notification within the Lobox app, or via email as an extra layer of security for your account. Login alerts are only sent following new logins through Lobox for iOS and Android, lobox.com, and mobile web.
Through these alerts, you can verify that it was you who logged in from the device. If you did not log in from the device, you should follow the steps in the notification to secure your account, starting by changing your Lobox password immediately. Please note that the location listed in the notification is an approximate location derived from the IP address you used to access Lobox, and it may be different from your physical location.
Note: If you log in to your Lobox account from incognito browsers or browsers with cookies disabled, you will receive an alert each time.
Any time the email address associated with your Lobox account is changed, we will send an email notification to the previously-used email address on your account. In the event your account is compromised, these alerts will help you take steps to regain control of your account.
Many Lobox users post links using URL shorteners, like bit.ly or TinyURL, to create unique, shortened links that are easier to share in Tweets. However, URL shorteners can obscure the end domain, making it difficult to tell where the link goes to.
Some browsers, like Chrome and Firefox, have free plug-ins that will show you the extended URLs without you having to click on them:
URL Expanders for Chrome
URL Expanders for Firefox
In general, use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Lobox login page, do not enter your username and password. Instead, go to lobox.com and log in directly from the Lobox homepage.
Keep your browser and operating system updated with the most current versions and patches—patches are often released to address particular security threats. Be sure to also scan your computer regularly for viruses, spyware, and adware.
If you're using a public computer, make sure you sign out of Lobox when you're done.
There are many third-party applications built on the Lobox platform by external developers that you can use with your Lobox account(s). However, you should be cautious before giving third-party applications access to your account.
If you wish to grant a third-party application access to your account, we recommend that you only do so using Lobox's OAuth method. OAuth is a secure connection method and doesn't require you to give your Lobox username and password to the third party. You should be particularly cautious when you're asked to give your username and password to an application or website, as third-party applications do not need your username and password to be granted access to your account via Oauth. When you give your username and password to someone else, they have complete control of your account and can lock you out or take actions that cause your account to be suspended. Learn about connecting or revoking third-party applications.
We suggest you review third-party applications that have access to your account from time to time. You can revoke access for applications that you do not recognize or that are Tweeting on your behalf by visiting the Applications tab in your account settings.