Behind The Scenes

Data Security

At Key2Host, security is not a single feature, but a fundamental principle. We protect our platform, secure sensitive data, reduce risks through technical and organizational measures, and create an environment where customer workloads can be operated as securely as possible.

Security as a Core Principle

Our security approach combines technical safeguards, preventive measures, and responsible operations.
Secure Foundation
Security starts at the foundation. Everything is designed for stability and reliability so you can focus on what matters.
Protection Against Attacks
Our systems detect and block unwanted access early, stopping malicious traffic before it can cause any impact.
Data Handling
We only collect and store the data that is truly necessary. Less data means less risk and greater security for you.
Continuous Monitoring
We continuously monitor our systems, detect anomalies early, and improve our protection mechanisms over time.

Our Approach to Data Security

Our systems and data are protected using modern, security-focused technologies.
Data Security
Our data security is built on encrypted communication, secure storage, and strict data handling principles.
  • End-to-end encrypted communication via HTTPS using modern TLS versions with enforced HSTS.
  • Password hashing with Argon2id (memory-hard: memoryCost approx. 256 MB, timeCost 4, with an additional server-side pepper).
  • Encrypted storage of sensitive tokens (e.g., OAuth).
  • No storage of sensitive plaintext data, especially no server passwords or comparable credentials.
  • Principle of data minimization and purpose limitation.
Access Security
Access to systems is technically secured and intentionally restricted to prevent unauthorized use.
  • Support for modern authentication methods such as passkeys (WebAuthn) for phishing-resistant logins.
  • Two-factor authentication (OTP / TOTP) as an additional security layer.
  • Detection of compromised passwords using known breach databases.
  • Session management with limited lifetime (approx. 24 hours) and regular renewal (approx. every 1 hour).
  • Rate limiting on login and authentication endpoints to mitigate brute-force attacks.
  • API keys for system access instead of password sharing, with fine-grained control and revocation.
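The session policy above (about 24 hours total lifetime, renewal about every hour) can be sketched as follows. This is an added example, not Key2Host's code. It assumes that "renewal" means rotating the session identifier, and the names SessionStore, login and authenticate are hypothetical.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

ABSOLUTE_LIFETIME = 24 * 3600  # page: approx. 24 hours
RENEW_INTERVAL = 3600          # page: approx. every 1 hour

@dataclass
class Session:
    user: str
    created: float   # fixed at login; renewal never moves it
    renewed: float   # time of the last identifier rotation

def _key(sid: str) -> str:
    # Store only a hash so a leaked session table holds no usable identifiers.
    return hashlib.sha256(sid.encode()).hexdigest()

class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock          # injectable clock (assumption, for testing)
        self._sessions = {}

    def login(self, user: str) -> str:
        now = self._clock()
        sid = secrets.token_urlsafe(32)
        self._sessions[_key(sid)] = Session(user, now, now)
        return sid

    def authenticate(self, sid: str):
        """Return (user, current_sid), or None if the session is invalid."""
        session = self._sessions.get(_key(sid))
        if session is None:
            return None
        now = self._clock()
        if now - session.created >= ABSOLUTE_LIFETIME:
            del self._sessions[_key(sid)]    # hard expiry, activity does not extend it
            return None
        if now - session.renewed >= RENEW_INTERVAL:
            del self._sessions[_key(sid)]    # the old identifier stops working
            sid = secrets.token_urlsafe(32)
            session.renewed = now
            self._sessions[_key(sid)] = session
        return session.user, sid
```

The caller has to send the returned identifier back to the client (for example as a new cookie value), because the previous one is rejected after rotation.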
Network Security
Our network security is based on a multi-layered architecture combining edge protection, transport encryption, and internal segmentation.
  • Edge protection via Cloudflare (Anycast network, WAF, and DDoS protection).
  • Protection against L3/L4 (TCP SYN, UDP floods) and L7 attacks (HTTP floods, bot traffic) through traffic analysis.
  • Rate limiting and request throttling on API and authentication endpoints.
  • TLS 1.2 and TLS 1.3 enabled, with legacy protocols fully disabled.
  • Modern cipher suites (AES-GCM, ChaCha20-Poly1305) with forward secrecy (ECDHE, x25519).
  • HSTS, OCSP stapling, DNSSEC, and additional technologies for secure end-to-end communication.
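The transport policy listed above (TLS 1.2 and 1.3 only, AES-GCM or ChaCha20-Poly1305, ECDHE key exchange) can be expressed and audited with Python's ssl module. This is an added example, not Key2Host's configuration. The function names and the LEGACY_SAMPLE cipher list are constructed for illustration.

```python
import ssl

def build_server_context() -> ssl.SSLContext:
    """Server-side context that follows the policy in the list above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # SSLv3, TLS 1.0 and 1.1 are refused
    # TLS 1.2 suites: ECDHE with AES-GCM or ChaCha20-Poly1305 only.
    # TLS 1.3 suites are not controlled by this string; OpenSSL's defaults
    # there are AEAD suites with ephemeral key exchange.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def policy_violations(ciphers, minimum_version):
    """Check a cipher list (as returned by SSLContext.get_ciphers()) and a
    minimum protocol version against the policy; return a list of findings."""
    problems = []
    if minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append(f"legacy protocol allowed: {minimum_version.name}")
    for cipher in ciphers:
        name = cipher["name"]
        aead = "GCM" in name or "CHACHA20" in name
        forward_secret = cipher["protocol"] == "TLSv1.3" or name.startswith("ECDHE-")
        if not aead:
            problems.append(f"{name}: not AES-GCM or ChaCha20-Poly1305")
        if not forward_secret:
            problems.append(f"{name}: no ECDHE key exchange")
    return problems

# Constructed sample of a legacy cipher list, for comparison only.
LEGACY_SAMPLE = [
    {"name": "AES128-SHA", "protocol": "TLSv1.0"},
    {"name": "AES256-GCM-SHA384", "protocol": "TLSv1.2"},
]

if __name__ == "__main__":
    ctx = build_server_context()
    print(policy_violations(ctx.get_ciphers(), ctx.minimum_version))
    print(policy_violations(LEGACY_SAMPLE, ssl.TLSVersion.TLSv1))
```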
Prevention & Monitoring
Security does not end with protection – early detection and fast response are essential.
  • Continuous monitoring of network traffic, login attempts, and system metrics.
  • Analysis of security-related logs to detect unusual patterns.
  • Automated anomaly detection (e.g., unusual access rates or traffic spikes).
  • Automated countermeasures such as IP blocking or dynamic rate limiting.
  • Early detection of abuse, bots, or suspicious behavior.
  • Defined processes for handling security incidents and abuse reports.

What You Can Do

Even the most secure platform cannot compensate for poor security practices. Security is a shared responsibility.
Secure Your Access
Use SSH keys instead of passwords whenever possible, enable two-factor authentication, and avoid sharing credentials. Use long, unique passwords (at least 8 characters, including uppercase, lowercase, numbers, and symbols) and consider using a password manager. Reused or weak passwords are among the most common security risks.
Phishing and Social Engineering
Key2Host will never ask you for passwords or sensitive credentials. Never share such information, especially via email, chat, or phone. Always verify senders and links carefully, as attacks often rely on exploiting trust.
Keep Systems Up to Date
Missing updates are one of the most common causes of compromised systems. Keep your operating system, applications, and dependencies up to date and apply security patches promptly. Outdated software poses unnecessary risks due to known vulnerabilities.
Take Anomalies Seriously
Unusual activity such as unexpected load spikes, failed login attempts, or unknown processes should always be investigated. Regularly review logs and act early to detect and resolve potential attacks or misconfigurations.
Trust Through Responsibility

Security is not a state, but an ongoing process.

We continuously improve our protection mechanisms, processes, and standards. Our goal is not just to promise security, but to implement it in all relevant areas.
