If you have questions about your onX account security or want to report a security vulnerability, this article covers best practices for keeping your account safe and how to get in touch with our security team.
Reporting a security vulnerability
If you believe you've found a security vulnerability in an onX product, send your findings to security@onxmaps.com. For general account security questions, contact our support team at help@onxmaps.com and we'll forward your inquiry to the security team.
Account security best practices
You're responsible for keeping your onX account secure. Here are some ways to protect it:
Use a strong password
- Use a password longer than 10 characters that's easy to remember but hard to guess.
- Don't reuse passwords from other websites—a compromised account elsewhere could put your onX account at risk.
- Don't share your password with anyone—we can't log other users out of your account.
- Consider using your device's built-in password manager to generate and store a strong password.
- Change your password periodically as a precaution.
Watch for phishing and fraudulent sites
onX personnel will never contact you to ask for your password or account information. If something seems suspicious, reach out to us directly through our official support channels rather than responding to the suspicious contact. Be careful not to enter your account information on any site that appears to be mimicking onX but uses an unfamiliar domain.
Secure your mobile device
Protect your phone with a PIN or biometric lock. Someone with access to your unlocked device may be able to retrieve saved passwords or inspect App data stored on the device.
Monitor your account activity
- Keep an eye out for unusual activity such as Markups being added or modified without your knowledge.
- Make sure the email address on your account is current and accessible—you'll need it for password recovery.
- Watch for unexpected password reset emails or subscription change notifications, which could indicate unauthorized access.
- If you suspect unauthorized activity, reset your password immediately.