Account Security
Password
Use a strong, unique password (12+ characters, mix of letters, numbers, and symbols).
Two-Factor Authentication (MFA)
- Go to Settings > Security
- Click Enable MFA
- Set up an authenticator app (Google Authenticator, Authy, etc.)
Save your recovery codes. You’ll need them if you lose access to your authenticator app.
Server Security
Use SSH Keys
SSH keys are more secure than passwords. See SSH Keys.
Keep OS Updated
sudo apt update && sudo apt upgrade -y
Firewall
Open only the ports your application requires. The example below shows SSH, HTTP, and HTTPS:
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
Always allow SSH (port 22) before enabling the firewall.
Disable Root Login (Optional)
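# Create a non-root user with sudo rights (run these as root)
adduser yourusername
usermod -aG sudo yourusername
# Copy root's authorized keys so the new user can log in with the same SSH key
mkdir -p /home/yourusername/.ssh
cp ~/.ssh/authorized_keys /home/yourusername/.ssh/
chown -R yourusername:yourusername /home/yourusername/.ssh
# Set PermitRootLogin to no, even if the existing line is commented out
sudo sed -i -E 's/^#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl restart ssh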
Verify you can log in as the new user before disabling root login.
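Added example (not part of the original page): the PermitRootLogin line in sshd_config can be present but commented out, in which case a sed pattern anchored at ^PermitRootLogin changes nothing and root login stays at the OpenSSH default. The script below compares that pattern with one that tolerates a leading "#", using a constructed sample file; the function name effective_permit_root_login is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function name is hypothetical.
# Prints the PermitRootLogin value sshd would take from ONE config file:
# commented lines are ignored, the first occurrence wins, and anything after
# a Match line is conditional. Include directives are not followed.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/                       { next }   # commented-out directive
        tolower($1) == "match"           { exit }   # end of the global section
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }  # OpenSSH default
    ' "$1"
}

# Constructed sample: the directive is present but commented out.
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication yes' > "$sample"

# Pattern anchored at ^PermitRootLogin: the commented line does not match.
sed 's/^PermitRootLogin.*/PermitRootLogin no/' "$sample" > "$sample.anchored"
# Pattern that tolerates a leading "#": the line is rewritten.
sed -E 's/^#?[[:space:]]*PermitRootLogin.*/PermitRootLogin no/' "$sample" > "$sample.tolerant"

echo "anchored pattern -> $(effective_permit_root_login "$sample.anchored")"
echo "tolerant pattern -> $(effective_permit_root_login "$sample.tolerant")"
rm -f "$sample" "$sample.anchored" "$sample.tolerant"
```

On a live server, sudo sshd -T prints the effective configuration, including any included files, so its permitrootlogin line is the authoritative check after the restart.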