# Account Security

Protect your Clore.ai account with these security features and best practices.

## Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account.

### How to Enable 2FA

1. Go to **Account** → **Security**
2. Click **Enable 2FA**
3. Scan the QR code with your authenticator app:
   * Google Authenticator
   * Authy
   * Microsoft Authenticator
4. Enter the 6-digit code from your app
5. Save your backup codes securely

### Backup Codes

When enabling 2FA, you'll receive backup codes. **Store these safely!**

* Each code can only be used once
* Use them if you lose access to your authenticator
* Generate new codes if you run out

### Disabling 2FA

1. Go to **Account** → **Security**
2. Click **Disable 2FA**
3. Enter your current 2FA code
4. Confirm the action

> **Warning:** Disabling 2FA reduces your account security. Only do this if necessary.

## Password Security

### Strong Password Requirements

* Minimum 8 characters
* Mix of uppercase and lowercase letters
* Include numbers and special characters
* Avoid common words or personal information

### Changing Your Password

1. Go to **Account** → **Security**
2. Click **Change Password**
3. Enter current password
4. Enter new password twice
5. Save changes

### Password Recovery

If you forget your password:

1. Go to login page
2. Click **Forgot Password**
3. Enter your email address
4. Check email for reset link
5. Create a new password

## API Keys

API keys allow programmatic access to your account.

### Managing API Keys

1. Go to **Account** → **API Keys**
2. Click **Generate New Key**
3. Copy and save the key immediately (shown only once)
4. Set appropriate permissions

### API Key Best Practices

* **Never share** your API keys
* Use separate keys for different applications
* Revoke unused keys
* Monitor API usage regularly
* Limit key permissions to what's needed

### Key Limits

* Maximum **3 API keys** per account
* Keys can be revoked anytime

## SSH Keys

SSH keys provide secure, passwordless access to rented servers.

### Adding SSH Keys

1. Go to **Account** → **SSH Keys**
2. Click **Add Key**
3. Paste your public key
4. Give it a descriptive name
5. Save

### SSH Key Limits

* Maximum **3 SSH keys** per account
* Keys are automatically deployed to new rentals

## Login Sessions

### Active Sessions

View and manage your active login sessions:

1. Go to **Account** → **Security**
2. View **Active Sessions**
3. Revoke any suspicious sessions

### Session Limits

* Maximum **50 active sessions** per account
* Sessions auto-expire after **14 days** of inactivity

## Security Best Practices

### Do's

* Enable 2FA immediately after registration
* Use a unique password for Clore.ai
* Regularly review active sessions
* Keep your email account secure
* Log out on shared devices

### Don'ts

* Never share your password or 2FA codes
* Don't use the same password on multiple sites
* Never give API keys to untrusted applications
* Don't ignore suspicious login notifications

## If Your Account is Compromised

1. **Change password immediately**
2. **Revoke all active sessions**
3. **Regenerate API keys**
4. **Enable 2FA** if not already enabled
5. **Contact support** on [Discord](https://discord.gg/clore-ai)
6. **Review recent transactions** for unauthorized activity

## Contact Security Team

For security concerns or to report vulnerabilities:

* Discord: [discord.gg/clore-ai](https://discord.gg/clore-ai) (use #support channel)
* Email: Check official channels for security contact


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.clore.ai/getting-started/deposit-withdrawal/account-security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.