Logo

Account Security & Access Control

Your hosting account holds the keys to your entire digital infrastructure. A compromised hosting account means compromised domains, databases, and customer data. This guide outlines the mandatory steps required to lock down your KairoHost LLC account against social engineering and unauthorized access.

Authentication Security

Password reuse is the number one cause of account compromises. Because hosting panels are high-value targets, you must treat your KairoHost LLC credentials with the same security rigor as your banking details.

Mandatory 2FA Policy

We highly recommend enforcing Two-Factor Authentication (2FA) for all administrative users. Accounts with 2FA enabled are 99% less likely to be compromised via credential stuffing attacks.

Team Access & Roles (Principle of Least Privilege)

Never share your primary account password with developers, contractors, or staff. Sharing credentials violates security compliance and removes audit trails.

Recommended workflow

  1. Navigate to the 'User Management' section in your KairoHost LLC billing dashboard.
  2. Click 'Invite New User' and enter the team member's email address.
  3. Select the appropriate Role. Give developers technical access only; they do not need access to your billing information or credit cards.
  4. Require the new user to set up their own password and 2FA device upon their first login.
  5. When a contractor finishes their project, immediately revoke their access in the User Management panel.

Notes and best practices

  • Audit your active user list at least once a quarter.
  • If an employee leaves your company, disabling their company email address is not enough—you must revoke their KairoHost LLC session access directly.

API Tokens & SSH Keys

Programmatic access (via APIs) and remote server management (via SSH) must bypass standard web authentication. Therefore, securing the cryptographic keys that allow this access is paramount.

Key Management Best Practices

How to handle programmatic credentials safely.

Never Commit Keys

Never hardcode KairoHost LLC API keys or database passwords in your source code. Use environment variables (like `.env` files) and ensure they are added to your `.gitignore`.

SSH Key Authentication

Disable password-based SSH login entirely. Require cryptographic SSH key pairs (Ed25519 or RSA-4096) for all terminal access.

Rotate Keys Regularly

Generate new API tokens and SSH keys annually. If you suspect a key has been compromised, revoke it immediately from the dashboard.

IP Whitelisting

If your database or API requires external access, restrict connections to specific IP addresses rather than allowing global (0.0.0.0) inbound traffic.

Phishing Awareness

KairoHost LLC support staff will NEVER ask for your account password. If you receive an urgent email claiming your account will be suspended unless you click a link and log in, it is likely a phishing attempt. Always navigate to `kairohost.com` directly in your browser rather than clicking email links.

Incident Response

If you suspect your account, website, or server has been compromised, speed is critical. Follow this immediate triage checklist.

  • Step 1: Secure the Root Account. Log into the KairoHost LLC dashboard immediately, change your primary password, and terminate all active sessions.
  • Step 2: Audit Sub-Users. Check the User Management panel for any unauthorized accounts that the attacker may have created as a backdoor.
  • Step 3: Contact Support. Open an emergency ticket with our Trust & Safety team. Do not attempt to delete infected files yourself initially—we may need them for forensic analysis to determine the entry point.