# Account Security

Protect your Clore.ai account with these security features and best practices.

## Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account.

### How to Enable 2FA

1. Go to **Account** → **Security**
2. Click **Enable 2FA**
3. Scan the QR code with your authenticator app:
   * Google Authenticator
   * Authy
   * Microsoft Authenticator
4. Enter the 6-digit code from your app
5. Save your backup codes securely

### Backup Codes

When enabling 2FA, you'll receive backup codes. **Store these safely!**

* Each code can only be used once
* Use them if you lose access to your authenticator
* Generate new codes if you run out

### Disabling 2FA

1. Go to **Account** → **Security**
2. Click **Disable 2FA**
3. Enter your current 2FA code
4. Confirm the action

> **Warning:** Disabling 2FA reduces your account security. Only do this if necessary.

## Password Security

### Strong Password Requirements

* Minimum 8 characters
* Mix of uppercase and lowercase letters
* Include numbers and special characters
* Avoid common words or personal information

### Changing Your Password

1. Go to **Account** → **Security**
2. Click **Change Password**
3. Enter current password
4. Enter new password twice
5. Save changes

### Password Recovery

If you forget your password:

1. Go to login page
2. Click **Forgot Password**
3. Enter your email address
4. Check email for reset link
5. Create a new password

## API Keys

API keys allow programmatic access to your account.

### Managing API Keys

1. Go to **Account** → **API Keys**
2. Click **Generate New Key**
3. Copy and save the key immediately (shown only once)
4. Set appropriate permissions

### API Key Best Practices

* **Never share** your API keys
* Use separate keys for different applications
* Revoke unused keys
* Monitor API usage regularly
* Limit key permissions to what's needed

### Key Limits

* Maximum **3 API keys** per account
* Keys can be revoked anytime

## SSH Keys

SSH keys provide secure, passwordless access to rented servers.

### Adding SSH Keys

1. Go to **Account** → **SSH Keys**
2. Click **Add Key**
3. Paste your public key
4. Give it a descriptive name
5. Save

### SSH Key Limits

* Maximum **3 SSH keys** per account
* Keys are automatically deployed to new rentals

## Login Sessions

### Active Sessions

View and manage your active login sessions:

1. Go to **Account** → **Security**
2. View **Active Sessions**
3. Revoke any suspicious sessions

### Session Limits

* Maximum **50 active sessions** per account
* Sessions auto-expire after **14 days** of inactivity

## Security Best Practices

### Do's

* Enable 2FA immediately after registration
* Use a unique password for Clore.ai
* Regularly review active sessions
* Keep your email account secure
* Log out on shared devices

### Don'ts

* Never share your password or 2FA codes
* Don't use the same password on multiple sites
* Never give API keys to untrusted applications
* Don't ignore suspicious login notifications

## If Your Account is Compromised

1. **Change password immediately**
2. **Revoke all active sessions**
3. **Regenerate API keys**
4. **Enable 2FA** if not already enabled
5. **Contact support** on [Discord](https://discord.gg/clore-ai)
6. **Review recent transactions** for unauthorized activity

## Contact Security Team

For security concerns or to report vulnerabilities:

* Discord: [discord.gg/clore-ai](https://discord.gg/clore-ai) (use #support channel)
* Email: Check official channels for security contact