Enable 2FA and Lock Down Your Account
Endercloud staff can't touch your files. That makes your account the only attack surface.
The Trust Model
Endercloud enforces strict data sovereignty, no staff member can read, write, download, or modify your server files. Your custom plugins, bot source, and user databases stay yours.
The flip side: if someone compromises your account, we can't roll the attacker back at the platform level. You are the perimeter.
Mandatory Hardening
- Enable 2FA on the billing panel and the game panel. Both are separate logins
- Use an authenticator app (Aegis, 2FAS, Authy). Avoid SMS, SIM-swappable
- Use a password manager with a unique password per service
- Watch for session cookie hijacking, never paste your cookies into a "support" tool
- Review the audit log in the panel monthly, anything you didn't do is a red flag
What 2FA Actually Stops
- Credential-stuffing from leaked passwords
- Casual phishing pages that capture only username + password
- Does not stop session-token theft via malware on your own machine. Keep your endpoint clean
Enable It Now
- 1Billing panel ā Account ā Security ā Two-Factor Authentication
- 2Scan the QR code in your authenticator app
- 3Save the backup codes somewhere not on the same device
- 4Repeat for the game panel, different login
Need More Help?
Lost your 2FA device and didn't save backup codes? Open a ticket, recovery requires identity verification.
Was this helpful?
Your feedback helps us write better guides.
Related Articles
More from Security.
How DDoS Protection Works on Endercloud
What's automatic, what isn't, and what to do if you're being targeted.
How to Secure Your Minecraft Server from Attacks
Beyond DDoS, protect against griefers, bots, and account takeovers.
How to Enable Two-Factor Authentication on Your Account
Five minutes of setup blocks 99% of account-takeover attempts.
Still need help?
Our team is on Discord around the clock. Real humans, real answers.