Guidance on responding to unexpected Vultr verification prompts and security notifications when you havent attempted to log in.
If you receive a verification code or security prompt from Vultr without initiating a login, this typically means someone attempted to sign in to your account from an unrecognized device or browser. This behavior occurs only if Trusted Device Security is enabled on your account. With this feature active, Vultr requires an additional verification step to confirm identity whenever a login attempt is made from a device or location that hasn't been previously verified.
To protect your account, follow these steps:
Immediately change your password by logging into Vultr Console and updating your account password. Choose a strong, unique password, ideally a mix of uppercase, lowercase, numbers, and special characters to prevent brute-force or credential-stuffing attacks.
Enable Two-Factor Authentication (2FA) for your Vultr account using a supported Time-based One-Time Password (TOTP) authenticator app like Google Authenticator or YubiKey. This adds a second layer of security by requiring a time-sensitive code on top of your password during login.
Generate emergency backup codes for Two-Factor Authentication. These one-time-use login codes can help you regain account access if you lose access to your authenticator app.
If suspicious activity continues, contact our Support Team at support@vultr.com from your registered email address.