Account Security

Protect your Clore.ai account with these security features and best practices.

Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security to your account.

How to Enable 2FA

1. Go to Account → Security

2. Click Enable 2FA

3. Scan the QR code with your authenticator app:

   • Google Authenticator

   • Authy

   • Microsoft Authenticator

4. Enter the 6-digit code from your app

5. Save your backup codes securely

Backup Codes

When enabling 2FA, you'll receive backup codes. Store these safely!

• Each code can only be used once

• Use them if you lose access to your authenticator

• Generate new codes if you run out

Disabling 2FA

1. Go to Account → Security

2. Click Disable 2FA

3. Enter your current 2FA code

4. Confirm the action

Warning: Disabling 2FA reduces your account security. Only do this if necessary.

Password Security

Strong Password Requirements

• Minimum 8 characters

• Mix of uppercase and lowercase letters

• Include numbers and special characters

• Avoid common words or personal information

Changing Your Password

1. Go to Account → Security

2. Click Change Password

3. Enter current password

4. Enter new password twice

5. Save changes

Password Recovery

If you forget your password:

1. Go to login page

2. Click Forgot Password

3. Enter your email address

4. Check email for reset link

5. Create a new password

API Keys

API keys allow programmatic access to your account.

Managing API Keys

1. Go to Account → API Keys

2. Click Generate New Key

3. Copy and save the key immediately (shown only once)

4. Set appropriate permissions

API Key Best Practices

• Never share your API keys

• Use separate keys for different applications

• Revoke unused keys

• Monitor API usage regularly

• Limit key permissions to what's needed

Key Limits

• Maximum 3 API keys per account

• Keys can be revoked anytime

SSH Keys

SSH keys provide secure, passwordless access to rented servers.

Adding SSH Keys

1. Go to Account → SSH Keys

2. Click Add Key

3. Paste your public key

4. Give it a descriptive name

5. Save

SSH Key Limits

• Maximum 3 SSH keys per account

• Keys are automatically deployed to new rentals

Login Sessions

Active Sessions

View and manage your active login sessions:

1. Go to Account → Security

2. View Active Sessions

3. Revoke any suspicious sessions

Session Limits

• Maximum 50 active sessions per account

• Sessions auto-expire after 14 days of inactivity

Security Best Practices

Do's

• Enable 2FA immediately after registration

• Use a unique password for Clore.ai

• Regularly review active sessions

• Keep your email account secure

• Log out on shared devices

Don'ts

• Never share your password or 2FA codes

• Don't use the same password on multiple sites

• Never give API keys to untrusted applications

• Don't ignore suspicious login notifications

If Your Account is Compromised

1. Change password immediately

2. Revoke all active sessions

3. Regenerate API keys

4. Enable 2FA if not already enabled

5. Contact support on Discord

6. Review recent transactions for unauthorized activity

Contact Security Team

For security concerns or to report vulnerabilities:

• Discord: discord.gg/clore-ai (use #support channel)

• Email: Check official channels for security contact