Security

The Security page of your account lets you configure two-factor authentication and view the SSH keys, SSL certificates, and security history of your account.

Note
Personal access tokens for the DigitalOcean API and access keys for Spaces are generated and managed on the Applications and API page of the control panel.

Two-Factor Authentication

Using two-factor authentication with a username and password-based login adds an additional layer of security against unauthorized access to your account. Even if a bad actor gains access to your password, for example, they still can’t access anything without also having your phone.

Note
If you use Google or GitHub SSO, you will not see the two-factor authentication section because you are not using a username and password on your DigitalOcean account. Instead, we strongly recommend that you enable two-factor authentication on the Google or GitHub account you use to log in to DigitalOcean.

In the two-factor authentication section, you can:

  • Enable two-factor authentication.
  • Choose between SMS or an Authenticator App as the authentication method.
  • Enable a backup method for when you don’t have access to your phone.
  • Choose between using SMS to another phone number or backup codes as your backup method.
  • Disable two-factor authentication.

You can find more detailed instructions in our two-factor authentication documentation.

SSH Keys

SSH keys provide a more secure way to log in to your Droplet. We recommend them for all users.

In this section, you can upload an SSH public key to your account and name it. Once you’ve added a key, you can select it during Droplet creation to automatically add it to new Droplets. You can also add SSH keys directly to existing Droplets.

For more detailed instructions, see our SSH key documentation:

Certificates

Some product features, like load balancer SSL termination and custom Spaces CDN endpoints, require SSL certificates. The certificates section of your account security page lets you manage the SSL certificates uploaded to your account.

You can use our Let’s Encrypt integration to create fully-managed SSL certificates. You can also manually upload custom certificates or certificates from a commercial certificate authority.

Learn more in our SSL certificate management documentation.

Security History

The security history shows a record of actions that have been taken in your account, like user logins, resource creation and deletion, and password changes. It also includes the IP address of the device where the action originated and how long ago the action happened. Hover over the value in the Time column, like 1 month ago, to see the specific date and time of the event, like Fri, Nov 2 2018 at 3:31pm.