How do I secure my Linode account?

Linode Staff
Right now I just access my Linode Manager account with only a username and password. I would like to improve the security on my account, but I'm not sure what I can do to accomplish this. What steps would you recommend?

3 Replies

There are a few things that you can do to secure your Linode account.

2FA or Two-Factor Authentication

Two-factor authentication increases the security of your Linode Manager account by requiring two forms of authentication: something you have, and something you know. You’re already familiar with this concept if you’ve ever used a debit card at an ATM. The debit card is something you have, and the PIN access code is something you know. You need both the debit card and the PIN to access your bank account.

IP Address Whitelisting

The IP Address Whitelist feature protects your Linode Manager account from unauthorized access attempts by accepting connections only from the IP addresses you specify. It’s easy to use. Just enable the feature, add your IP address, and log in. If you ever attempt to log in from an IP address that is not on the whitelist, you’ll receive an email notification — you can click the link in the email message to add the new IP address to the whitelist.

Security Event Notifications

By default, the Linode Manager automatically notifies you via email when any Linode jobs are added to the Host Job Queue. Referred to as event notifications, this security control can help you monitor your Linode Manager account’s activity. You can also subscribe to an RSS feed, or disable email event notifications entirely. This section shows you how to configure event notifications.

Force Password Expirations

Some organizations have policies that require users to change their passwords every so often. The Linode Manager can be configured to force users to change their passwords every 1, 3, 6, or 12 months.

For more information on how to setup these features on your account, please see our full guide on this topic.

https://linode.com/docs/security/linode-manager-security-controls/

I'd like to make an update to the above information -

IP Whitelisting is no longer a feature of the Cloud Manager or Linode API. This feature has been deprecated as of May 2019.

A few additional measures have since been implemented to further keep your account secure since that time. We have implemented features that will prompt you to enter a One Time Passcode when logging in from an untrusted device, a new IP address, or after a period of inactivity on your account to reduce the likelihood of a compromise, even if someone had access to your credentials.

One of the best measures to use is still, in my opinion, Two Factor Authentication as this will greatly reduce the ability for someone to gain unauthorized access to your account. 2FA also will allow you to bypass the OTP codes when signing yourself in from new devices.

I'd like to make another update and provide our most recent Community Post on how you can further secure your account:

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct