Password rules and keeping your account secure
Your NearbySpy account holds Case data, Evidence, Client communications, and in some cases billing details. The password rules below are the minimum we enforce. Meeting the minimum is fine, but on a real PI workload you should aim higher.
Your NearbySpy account holds Case data, Evidence, Client communications, and in some cases billing details. The password rules below are the minimum we enforce. Meeting the minimum is fine, but on a real PI workload you should aim higher.
Minimum password rules
- At least 8 characters. Longer is better; passphrases of 16+ characters are stronger than short complex passwords.
- Cannot be obviously trivial (your email, the word password, sequential digits).
- Stored only as a salted hash in Supabase Auth. NearbySpy staff never see your plaintext password.
What we recommend instead
Use a password manager (1Password, Bitwarden, or your browser's built-in manager) and let it generate a unique 20+ character string. The password should exist nowhere else: not in your phone notes, not in a teammate's email, not on a sticky note. If you cannot remember it, that is a feature, not a problem.
Two-factor through Google
If you sign in through Google, your Google account's two-factor settings already protect your NearbySpy login. Turn on 2FA in Google Account → Security if you have not already. See Signing in with Google.
Resetting a forgotten password
- On the sign-in page, click Forgot password.
- Enter the email on your account.
- Open the reset email and click the link. The link is single-use and expires quickly.
- Set a new password that meets the rules above.
If the email never arrived, check spam, confirm you typed the right address, and try again. Reset emails always come from a NearbySpy domain. If something looks off, do not click; report it to support.
Suspecting your account is compromised
Watch for: a sign-in confirmation email from a city you did not sign in from, Cases you do not recognize, Evidence uploads you did not perform, or messages you did not send. Do this immediately:
- Reset your password from a device you trust.
- If you use Google sign-in, sign out of all Google sessions in your Google account's Security page.
- Open the support form and pick the security category. Tell us what you noticed and roughly when.
Daily habits that protect you
- Use a unique password for NearbySpy. Reusing a password from another site means a breach there is a breach here.
- Lock your laptop and phone when you walk away. Most account compromises are physical, not technical.
- Be cautious with browser extensions on the same browser profile you use for NearbySpy. Unknown extensions can read what you see on screen.
- Never share your account with a teammate. Add them as a Case Member instead. See Case roles.
Related articles
Related in Account & Security
How to sign up and sign in
NearbySpy uses one sign-in page for everyone, Clients and Investigators alike. From that page you can create a new account or sign back into an existing one.
Phone verification and OTP troubleshooting
Some flows on NearbySpy use a one-time password (OTP) sent by SMS to a phone number you control. The most common are verifying a phone number on an Investigator profile during onboarding, and verifying ownership when claiming an imported listing.
Signing in with Google
You can sign up or sign in to NearbySpy with a Google account by clicking Continue with Google on the sign-in page. Google handles the password and we never see it. We receive only your verified email address, your name, and your profile photo from Google.
Need more help?
Still need help?
Didn't find the answer you were looking for? We're here for you.