Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

mSecure Support

Knowledge Base Forums Submit a ticket

Unauthorized Sign In

If you have not received a "New Sign In" email, or if you have received an email but are aware of the activity, please disregard the notification as well as this article. Your mSecure account is safe, and no action is required. However, if you received a "New Sign In" email, and you are certain the sign in is unauthorized, please follow the instructions below immediately. 


NOTE: The inability to unlock mSecure is NOT an indication on its own that your account has been compromised.



IMPORTANT:

The ONLY way to make certain your real accounts are safe is to change the password for each of them from either the account’s app installed on your device or to go to the account’s website and change the password online. Since the Login data stored in mSecure is simply a mirror of your real account's username and password credentials, if those credentials are changed online, the Login information that may have been stolen would be rendered useless.



Being hacked can feel like a personal attack: You go to log into Facebook, or Gmail, or iCloud—and your password doesn't work, leaving you unable to protect your most important online accounts. This worst-case scenario might bring on feelings of helplessness. Fortunately, you can take action in the face of digital vandalism.


It's important to remember that in order for someone to be able to sign in to your mSecure account, they will need to have access to your account's email address, password, and encrypted account key. Your mSecure account password and encrypted account key are not stored on our servers, so the thief would have had to gain access to them through other means, which will be discussed in more detail at the end of this article. If someone gains access to all of these items and signs in to your mSecure account, they may have full access to the information you store in mSecure.


Note for those using Wi-Fi syncing

If you are using Wi-Fi syncing, the information you store in mSecure cannot be accessed by anyone else signing in to your account. With Wi-Fi syncing, your information is only stored locally on each of your devices, so there is no remote location from which your data can be downloaded. However, even though your mSecure information is safe, the unauthorized sign in is an indication that at least one person has access to personal information about you they should not have. Please refer to the information at the bottom of this article on taking measures to make your digital life secure.



Can you still unlock mSecure on your devices?

If you are able to unlock mSecure, the first thing you should do is change the password for your account. This will keep an unauthorized user from having future access to your information. After you change your password, any devices currently signed in to your account will be notified that the password has been changed, and in order to unlock the app, they would need to know the new password you just set. If you need help with changing your password, please refer to the information in this article.


It's important to realize here that even though further unauthorized access to your information has been blocked, while the thief had access to your mSecure account, they may have made a backup of your information, and that backup can be restored in a different mSecure account. In the end, changing your password is the best first step to safeguard your information, but it does NOT in any way mean your real online accounts are safe.


Again, the ONLY way to make certain your real accounts are safe is to change the password for each of them from either the account’s app installed on your device or to go to the account’s website and change the password online. Since the Login data stored in mSecure is simply a mirror of your real account's username and password credentials, if those credentials are changed online, the Login information that may have been stolen would be rendered useless. 


When changing your real account passwords, start with the accounts you believe are most sensitive and most important. Typically, these will be the accounts tied to your financial institutions. After your most sensitive account passwords have been changed, change the password for every active account you own. After all of your account passwords have been changed, the Login information that may have been stolen from your mSecure account is now useless: the passwords a thief may have no longer match the real account passwords. However, there is still work that needs to be done. Please skip to the bottom section of this article and read more about reacting to the possibility of identity theft and how to make your digital life secure.



If you have received a "New Sign In" email, are you notified of a password change on another device?

If an unauthorized user is able to sign in to your account, it is possible for them to change your account password which would then lock you out of mSecure and your information. If this happened, you would have received a "New Sign In" email from us, and you would see a notification that reads, "Your password has been changed on another device" when you attempt to unlock your mSecure app. In this case, immediately reset your mSecure account, as this has the potential to help stop attackers from further causing damage.

An mSecure account reset will remove any information you have stored in the mSecure Cloud, it will lock you out of the mSecure app on all of your devices, and it will render all mSecure data stored in your Dropbox or iCloud account unusable. In short, you will lose the information you have stored in mSecure, unless you have a backup of your information, which we can help you locate. If you have a backup of your data, then you can restore your information from that backup file after your mSecure account has been reset. In any case, resetting your account could prevent the unauthorized user from having further access to your information, so it is a necessary step to take.


How to reset your mSecure account:

  1. Open the reset account page in your browser.
  2. Enter the email address that you use as your mSecure account to log in in the available field and click "Start Process".
  3. Open your email client or email service on a browser, find our Account Reset email labeled "Account Reset for mSecure" and click the "Here" link.
  4. Enter a new Account Password, confirm the password, and create a new account hint.


If you need further assistance in resetting your account, refer to this article.


Further access to your mSecure account has now been blocked, but while the thief had access to your mSecure account, they may have made a backup of your information. Unfortunately, that backup can be restored in a different mSecure account. In the end, resetting your mSecure account was the best first step to take, but it does NOT in any way mean your real online accounts are safe.


As mentioned at the start, the ONLY way to make certain your real accounts are safe is to change the password for each of them from either the account’s app installed on your device or to go to the account’s website and change the password online. Since the Login data stored in mSecure is simply a mirror of your real account's username and password credentials, if those credentials are changed online, the Login information that may have been stolen would be rendered useless. 


When changing your real account passwords, start with the accounts you believe are most sensitive and most important. Typically, these will be the accounts tied to your financial institutions. After your most sensitive account passwords have been changed, change the password for every active account you own. After all of your account passwords have been changed, the Login information that may have been stolen from your mSecure account is now useless: the passwords a thief may have no longer match the real account passwords. However, there is still work that needs to be done. Please skip to the bottom section of this article and read more about reacting to the possibility of identity theft and how to make your digital life secure.


After you have changed your account password:

  1. Reinstall mSecure on all of your devices
    • If using a Mac computer, please follow these steps as well:
      1. Open mSecure
      2. Click the Help option in the top menu bar, then hold down the "option" key on your keyboard (just to the left of the spacebar)
      3. Click "Show Data in Finder"
      4. Close mSecure
      5. Move the mSecure.mscb file to the trash
      6. Re-launch mSecure
    • If you were using iCloud or Dropbox syncing:
      • Delete the data.mssb file in your Dropbox account located here: Dropbox/Apps/mSecure /accountID/data.mssb
      • Delete the data.mssb file in your Dropbox account located here: iCloud Drive/mSecure/accountID/data.mssb
  2. Restart your device
  3. Sign in to your mSecure account using your new Account password and proceed with the onboarding process to start using mSecure again



Making your digital life secure

If you answered yes to one of the questions above and followed the steps outlined in that section, there is further action needing to be taken. While your online accounts should now be secure, there is typically other information stored in mSecure that could lead to further problems related to identity theft. Here are two links discussing what should be done in the case of identity theft. You will be able to find a ton of information online to help you through this process, but the two articles listed below list out the companies you need to call and provide links where you can reach out to the government for more help.


  1. Bankrate: https://www.bankrate.com/finance/credit/steps-for-victims-of-identity-fraud.aspx
  2. Tom's Guide: https://www.tomsguide.com/us/what-to-do-ssn-stolen,news-18742.html


As mentioned before, your mSecure account password and encrypted account key are not stored on our servers, so the thief would have had to gain access to them through other means (you can learn more about our security model here). This could have been accomplished through the use of malicious software installed on your device, so make sure to scan your computer for malware and viruses with a trusted security application. If you do not have security software installed, you can use Microsoft’s built-in Windows Defender, Avast or AVG, which are among the many companies that make free antivirus software for Windows and Mac. You should also update your computer and devices with the latest security updates.


Check your email account's mail settings to make sure nothing has been changed — like copies of your messages set to forward to unfamiliar addresses, unfamiliar entries in your address book, or new links or information added to your email signature file. You will also need to change the password to your email accounts. You could change the password only for the one email address associated with your mSecure account, but we recommend you change the password to all of your email accounts to be safe as possible. On top of changing the password to your email accounts, take this opportunity to change and update the security questions and answers your email provider uses to confirm your identity should you have to use the Forgot Password option.


Turning on an extra layer of protection for your email account, like Google's two-step verification for Gmail, can help protect against hackers because you must confirm your identity with a smartphone app or text code after you enter your password. While you are in your mail settings, set up two-factor authentication or two-step verification if you have not already done so and the feature is available from your mail provider. You will need to provide a code or acknowledge a login attempt on another device after you enter your password, but the extra step helps keep your account more secure


The Federal Trade Commission has an online guide for dealing with a hacked email account. In addition to the tips outlined in the online guide, make sure you do not connect to public wireless networks without using a virtual private network.

Did you find it helpful? Yes No

Can you please tell us how we can improve this article?