> ## Documentation Index
> Fetch the complete documentation index at: https://docs.breezehost.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# Account Security

> Secure your Breeze Hosting account with two-factor authentication and best practices

Account security is paramount. Breeze Hosting provides tools and guidance to protect your account from unauthorized access.

## Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a second verification method when you log in.

### Why Enable 2FA?

<Check>Protects against password theft or data breaches</Check>
<Check>Prevents unauthorized account access even if your password is compromised</Check>
<Check>Required for administrative accounts and high-privilege access</Check>
<Check>Takes less than a minute to enable</Check>

### Setting Up 2FA

#### Using an Authenticator App (Recommended)

<Steps>
  <Step title="Go to Security Settings">
    Log in to [dash.breezehost.xyz](https://dash.breezehost.xyz), navigate to Account Settings, and find "Security" or "Two-Factor Authentication"
  </Step>

  <Step title="Click Enable 2FA">
    Look for "Set Up Two-Factor Authentication" or "Enable 2FA"
  </Step>

  <Step title="Choose Authentication Method">
    Select "Authenticator App" (Time-based One-Time Password)
  </Step>

  <Step title="Install Authenticator App">
    If you don't have one, download a free authenticator app:

    * Google Authenticator (iOS, Android)
    * Microsoft Authenticator (iOS, Android)
    * Authy (iOS, Android, desktop)
    * Bitwarden (iOS, Android, desktop)
  </Step>

  <Step title="Scan QR Code">
    In your authenticator app, select "Add Account" or "+" and scan the QR code shown on your screen
  </Step>

  <Step title="Verify Code">
    Enter the 6-digit code from your authenticator app into the "Verification Code" field
  </Step>

  <Step title="Save Backup Codes">
    The system will provide 8-10 backup codes. Save these in a secure location. You'll need them if you lose access to your authenticator app.
  </Step>

  <Step title="Confirm">
    Click "Enable 2FA" to activate two-factor authentication
  </Step>
</Steps>

### Logging In with 2FA

Once enabled, here's what happens when you log in:

<Steps>
  <Step title="Enter Credentials">
    Log in with your email and password as usual
  </Step>

  <Step title="Enter 2FA Code">
    You'll be asked for a 6-digit code from your authenticator app
  </Step>

  <Step title="Open Authenticator App">
    Open your authenticator app and find the code for Breeze Hosting
  </Step>

  <Step title="Enter Code">
    Type the 6-digit code into the prompt and click "Verify"
  </Step>

  <Step title="Access Granted">
    You'll be logged in and taken to your account dashboard
  </Step>
</Steps>

<Tip>
  Codes expire after 30 seconds. If it expires before you enter it, wait for the next code to appear in your app.
</Tip>

### Backup Codes

Backup codes let you log in if you lose access to your authenticator app.

**Important:**

* Save your backup codes in a safe location (password manager, printed paper, encrypted file)
* Each code can only be used once
* Once all backup codes are used, you'll need to reset 2FA

#### Using a Backup Code

<Steps>
  <Step title="Go to Login Page">
    Visit [dash.breezehost.xyz](https://dash.breezehost.xyz)
  </Step>

  <Step title="Log In with Email/Password">
    Enter your credentials and click "Log In"
  </Step>

  <Step title="See 2FA Prompt">
    When asked for your authenticator code, look for "Use backup code" or "Can't access your app?"
  </Step>

  <Step title="Enter Backup Code">
    Type in one of your backup codes (it may be in a format like: XXXX-XXXX-XXXX)
  </Step>

  <Step title="Access Granted">
    You'll be logged in. One backup code has been used.
  </Step>
</Steps>

### Disabling 2FA

If you need to turn off two-factor authentication:

<Steps>
  <Step title="Go to Security Settings">
    Log in and navigate to Account Settings > Security
  </Step>

  <Step title="Find 2FA Settings">
    Look for "Two-Factor Authentication" or "2FA"
  </Step>

  <Step title="Click Disable">
    Click "Disable 2FA" or "Turn Off 2FA"
  </Step>

  <Step title="Confirm Your Password">
    Enter your password to confirm this action
  </Step>

  <Step title="Confirm Disabling">
    Click "Disable" to turn off two-factor authentication
  </Step>
</Steps>

<Warning>
  Disabling 2FA reduces your account security. Only disable it if necessary, and re-enable it as soon as possible.
</Warning>

## Password Security

Your password is your first line of defense against unauthorized access.

### Password Best Practices

<Check>Use at least 12 characters (16+ is ideal)</Check>
<Check>Include uppercase letters (A-Z) and lowercase letters (a-z)</Check>
<Check>Add numbers (0-9)</Check>
<Check>Include special characters (!@#\$%^&\*)</Check>
<Check>Avoid common phrases, dictionary words, or personal information</Check>
<Check>Never reuse passwords across different accounts</Check>
<Check>Change your password regularly (every 90 days)</Check>
<Check>Use a password manager to generate and securely store passwords</Check>

### Password Examples

<Frame>
  | Weak Password | Strong Password           |
  | ------------- | ------------------------- |
  | password123   | Tr0p1c\@l\_Sun\$et#2024!  |
  | breezhosting  | B33z3\_Ht\$ng\_P\@ssw0rd! |
  | 12345678      | Q9#mK\&xL2\$vN\@7pR%wT!   |
</Frame>

### Changing Your Password

<Steps>
  <Step title="Log In to Your Account">
    Go to [dash.breezehost.xyz](https://dash.breezehost.xyz)
  </Step>

  <Step title="Go to Account Settings">
    Click your profile icon and select "Settings"
  </Step>

  <Step title="Find Security Section">
    Look for "Password" or "Change Password"
  </Step>

  <Step title="Click Change Password">
    Click the "Change Password" button
  </Step>

  <Step title="Verify Current Password">
    Enter your current password to confirm your identity
  </Step>

  <Step title="Enter New Password">
    Type your new, strong password
  </Step>

  <Step title="Confirm New Password">
    Re-enter the new password to confirm
  </Step>

  <Step title="Save">
    Click "Change Password" to apply the change
  </Step>
</Steps>

## Session Management

Monitor and control your active login sessions.

### Viewing Active Sessions

<Steps>
  <Step title="Go to Security Settings">
    Navigate to Account Settings > Security
  </Step>

  <Step title="Find Active Sessions">
    Look for "Active Sessions" or "Login History"
  </Step>

  <Step title="Review Sessions">
    You'll see:

    * Device/browser used
    * Location (IP address)
    * Login date and time
    * Last activity
  </Step>
</Steps>

### Logging Out of Other Sessions

If you see suspicious activity or want to log out all other devices:

<Steps>
  <Step title="Go to Active Sessions">
    In Security Settings, find "Active Sessions"
  </Step>

  <Step title="Click Log Out">
    Next to the session you want to end, click "Log Out" or "End Session"
  </Step>

  <Step title="Confirm">
    Confirm that you want to end the session
  </Step>
</Steps>

<Tip>
  "Log Out All Sessions" will log you out of all devices and require you to log back in on your current device. Use this if you suspect account compromise.
</Tip>

## Account Activity Log

Review everything that happens on your account for security monitoring.

<Steps>
  <Step title="Open Account Settings">
    Log in and go to Account Settings
  </Step>

  <Step title="Find Activity Log">
    Look for "Activity Log" or "Account History"
  </Step>

  <Step title="Review Activities">
    You'll see:

    * Login attempts (successful and failed)
    * Password changes
    * 2FA changes
    * Email changes
    * Services created/modified
    * API key creation
  </Step>
</Steps>

### What to Look For

* **Unexpected login locations**: If you see logins from places you've never been
* **Unexpected password changes**: If someone changed your password without you
* **Failed login attempts**: Multiple failed attempts suggest someone trying to access your account
* **Unknown API keys**: Keys you don't recognize or didn't create

### Suspicious Activity?

If you notice unauthorized activity:

1. **Change your password immediately** to a new, strong password
2. **Review linked accounts** and disconnect anything suspicious
3. **Check active sessions** and log out unknown devices
4. **Enable 2FA** if not already active
5. **Contact support**: Email [support@breezehost.xyz](mailto:support@breezehost.xyz) with details

## Recovery Email and Phone

Set up recovery methods for account access.

### Adding a Recovery Email

<Steps>
  <Step title="Go to Account Settings">
    Log in and navigate to Account Settings
  </Step>

  <Step title="Find Recovery Email">
    Look for "Recovery Email" or "Account Recovery"
  </Step>

  <Step title="Add Email">
    Click "Add Recovery Email" and enter a secondary email address
  </Step>

  <Step title="Verify Email">
    A verification link will be sent to that email. Click it to confirm.
  </Step>
</Steps>

<Info>
  Use a recovery email that's separate from your primary account email. This ensures you can regain access even if your main email is compromised.
</Info>

## Account Compromise

If you suspect your account has been compromised:

### Immediate Actions

<Steps>
  <Step title="Change Your Password">
    Use a different device if possible. Create a new, strong password.
  </Step>

  <Step title="Enable 2FA">
    Set up two-factor authentication if not already enabled
  </Step>

  <Step title="Review Sessions">
    Check active sessions and log out all devices except the one you're on
  </Step>

  <Step title="Check Linked Accounts">
    Disconnect Discord or other integrations if they seem suspicious
  </Step>

  <Step title="Review Activity Log">
    Look for any unauthorized changes or access
  </Step>
</Steps>

### Contact Support

If you can't regain control of your account:

* **Email support immediately**: [support@breezehost.xyz](mailto:support@breezehost.xyz)
* **Use a different email**: If your account email is compromised, contact from a different address
* **Provide details**: Explain what happened and what suspicious activity you noticed
* **Our team will help**: We can verify your identity and help secure your account

## Security Checklist

Use this checklist to ensure your account is properly secured:

<Accordion title="Security Checklist">
  <Check>Strong, unique password (12+ characters, mixed case, numbers, symbols)</Check>
  <Check>Two-factor authentication enabled</Check>
  <Check>Backup codes saved in a secure location</Check>
  <Check>Recovery email address configured</Check>
  <Check>No unnecessary linked accounts (Discord, etc.)</Check>
  <Check>Regular password changes (every 90 days)</Check>
  <Check>Reviewed activity log recently</Check>
  <Check>All active sessions are recognized</Check>
  <Check>No suspicious API keys</Check>
  <Check>Updated contact information in case of account issues</Check>
</Accordion>

## Additional Security Resources

* **Password Manager**: Use tools like Bitwarden, 1Password, or LastPass
* **Authenticator App**: Google Authenticator, Microsoft Authenticator, or Authy
* **Email Security**: Keep your primary email secure as it's used for account recovery
* **Device Security**: Keep your computer and phone updated and protected with antivirus software

## Need Help?

For security concerns or assistance:

* **Discord**: Open an urgent ticket in our [support server](https://discord.gg/breezehost)
* **Email**: [support@breezehost.xyz](mailto:support@breezehost.xyz) - mark as "Security Issue"
* **Immediate assistance**: Contact support immediately if you suspect a breach
