Security Overview
Managing security within Paperspace.
About Paperspace Security Measures
All aspects of the platform are designed with security as the primary consideration. In today’s environment, knowing that your data is secure and isolated from possible attackers is an essential requirement. Paperspace is built with the mindset that only you have access to your data, and we work tirelessly to engineer solutions that live up to this goal. This happens at the application layer all the way down to our data centers (for our hosted offerings).
- All Paperspace traffic is secured over a fully encrypted channel (SSL/TLS) independent of platform — web, desktop, or mobile.
- Traffic between our database, web servers, API, and internal networks is also encrypted (SSL/TLS)
- Our databases are secured with 256-bit AES or higher.
- We use 2048 bit public keys in our certificates and support only high-strength symmetric ciphers.
Paperspace employs a cloud operations team that monitors all aspects of security 24/7/365.
Steps We Take to Protect Your Account
- Multiple password reset attempts will lock your account.
- We monitor in realtime for threats that could potentially impact our customer's compute resources.
What Steps Can I Take to Protect My Account?
Paperspace offers a few ways for you to secure and protect your account:
- Enable Two-Factor Authentication on your account.
- Use a strong password. Use a password manager or choose a password that is a combination of letters, numbers, and special characters. Hackers often use automation to test common phrases and commonly used passwords, so the longer and more complex, the better.
- Regularly change your password. It's good practice to change your password from time to time.
- Log out if you use Paperspace on a public or shared device.
SSH Keys
SSH keys provide a secure way to remotely access your CORE Linux virtual machines. Learn more about creating and managing SSH keys here.
API Keys
API keys let you interact with Paperspace through the CORE RESTful API, the CORE Javascript SDK, and Gradient command-line utility (CLI). Learn more about creating and managing API keys here.
Secrets
Secrets provide a mechanism to securily store and work with sensitive information (such as an API key) within Paperspace. Learn more about Secrets here.
What to do if someone has gained unauthorized access to your account
How can I tell if my account has been taken over?
If you notice any of the following activity on your account unexpectedly, your account may have been taken over by an unauthorized user:
- Your password no longer works, and you do not receive password reset emails
- The email address associated with your account has changed
- You receive an email that your Paperspace account information has been updated, but you did not initiate any changes
- You receive an email that a machine has been created on your account, but you did not create one
We never display full payment info in the console, so your credit card information is never at risk.
What should I do?
Immediately Reset Your Password
If you are still able to access your account, reset your password immediately. Account takeovers occur because users often recycle passwords or use common phrases. This makes their password less secure and more vulnerable. Reset your password on the Security page with a new, secure password that is not used elsewhere.
Enable Two-Factor Authentication on Your Account.
We offer Two Factor Authentication as an added layer of security for your Paperspace account.
Why Does This Happen?
Account takeovers usually happen due to a breach in another service. If you use the same password for several services, it has likely been compromised.