Security

The security of your website and email inboxes is important to us. Here we have put together some important information to ensure that your hosting package cannot be misused.

Passwords

The use of secure passwords has the highest priority. If insecure passwords are used, all other protective measures are ineffective. It is essential that you observe the following basic rules when selecting passwords:

At least 15-20 characters long
Mixture of upper and lower case letters, numbers and special characters
Do not include any personal data (e.g. date of birth, name, year). Example of a bad password for a soccer club => Fu$ball1968
Every user should have their own password - do not share passwords!
Do not pin passwords to the screen on Post-It notes or leave them under the desk pad
Change passwords every 6-12 months
Never use the same password to log in to different services or websites

For the last point, it is advisable to use password manager software (who can remember all the different passwords?). The programs 1Password or KeePass are recommended. After entering a master password, the user is automatically logged in to the respective website. The database with the passwords can also be synchronized between different systems (Windows, Mac, iOS, Android).

Keep software up to date

We keep our server software (Linux, PHP, MySQL, Apache, utilities) up to date and security updates are installed promptly. So you don't have to worry about this yourself.

The TYPO3 versions pre-installed by us are automatically updated by us, provided they are officially supported and not outdated.

However, if you install other software (e.g. WordPress, Joomla, Drupal, Contao), you should always keep it up to date. Security updates in particular must be installed promptly.

Do not use FTP to transfer files

FTP (File Transfer Protocol) offers the possibility of exchanging files between your own computer and the web server (the homepage). With FTP, however, the transfer of data is always unencrypted, including user name and password.

As an alternative, we offer the use of SFTP (Secure File Transfer Protocol). Here, all data is encrypted before transmission.

In general, when using these programs, access should be restricted to the directory required to exchange the data.

Multi-factor authentication in Classic Hosting

In the following instructions, we will show you how to set up MFA (multi-factor authentication) in your Classic package for your customer menu.

Step 1: Log in to the customer menu

First you have to log in to your customer menu. You can find the login here:

LOGIN

You will need your customer number and the customer menu password to log in.

Step 2:

To activate multi-factor authentication, you must click on "Change password" under "Overview".

MFA-Classic_Overview — Menu item Overview in Classic Hosting

Step 3: Checking the MFA status

The MFA status is now displayed on the page. If it has not yet been activated, it will say:

"Two-factor authentication not activated"

Please click on "Activate".

MFA Classic status — Status of the MFA in Classic Hosting

Step 4: Select the MFA method

On the next page, you can now select the MFA method. Here you have the choice between:

1. Via Authenticator App
2. By email

Our instructions show you the most common way with the Authenticator app.

MFA Classic Method — Method for setting up the MFA.

Step 5: Scan the QR code with the Authenticator app

After you have clicked on "Via Authenticator App", the QR code will now be displayed. You can now scan this with your Authenticator app and the new login will be added to your list.

Note: No confirmation that the MFA has now been set up appears in the customer menu. Reloading the "Change password" page will then show that the MFA has been activated.

You will then be asked for the MFA code the next time you log in.

MFA Classic QR code — Display of the QR code for MFA in Classic Hosting

Updated: 04.08.2025