When you create a DigitalOcean account, you can choose to sign up with an email address or with Google or GitHub single sign-on (SSO).
When you create a DigitalOcean account using your email and password, we protect it with device verification by default. This only applies to email and password sign-ins without 2FA and does not apply to GitHub or Google SSO.
Each time you sign in from a new location using a new device or a different web browser, we email an authorization code to the email address you use to sign in or send an SMS to the phone number you provided.
This process means that a bad actor would need to have compromised your device or email account as well as your DigitalOcean account to log in. This increases the difficulty for would-be attackers and provides you with notification if someone is trying to access your account.
To further protect your account, set up two-factor authentication.
Learn more about DigitalOcean account management or read on to start building.
When you build on DigitalOcean, you can have full control of your infrastructure (with products like Droplets and reserved IPs) or let us handle the infrastructure for you (with products like App Platform, DigitalOcean Load Balancers, and managed databases).