Account Security Best Practices
Your Aserver account has access to servers and payment methods. Protecting it should be a priority. Here are the practices we recommend.
Use a Strong, Unique Password
Use a password that is at least 12 characters and unique to Aserver — do not reuse passwords from other services. Consider using a password manager like Bitwarden (free) or 1Password.
Enable Two-Factor Authentication
This is the single most effective security measure. Go to Profile → Two-Factor Authentication and enable either Email OTP or Google Authenticator. We strongly recommend Google Authenticator as it is not vulnerable to SIM-swap attacks.
Use a Secure Email Address
Your Aserver account is only as secure as the email address attached to it. Use an email provider with 2FA of its own (Gmail, Outlook, Proton Mail).
Be Aware of Phishing
- Aserver will never ask for your password via email or chat
- Always check that the URL is your configured domain before entering credentials
- Do not click links in unsolicited emails — go directly to the Aserver URL instead
Log Out on Shared Devices
If you access Aserver on a shared or public computer, always click Log Out when finished. Your session is protected by a 1-hour inactivity timeout by default.
Monitor Your Account
Regularly check your order history and wallet transactions for any activity you do not recognise. If you see anything suspicious, change your password immediately and contact support.