Improve your account security with login and password best practices

There are multiple ways to keep your HubSpot account secure from unauthorized access. For example, you can create strong passwords, turn on two-factor authentication, and use other security features available in HubSpot. By implementing these password and login best practices, you can better protect your HubSpot account and data from unauthorized access. 

Manage your passwords

Passwords serve as the primary means of protecting your account. Learn how to manage, reset, and improve your password practices in HubSpot.

Understand password security in HubSpot

Reset your HubSpot password

If you need to reset your password, follow these steps to reset your password. 

Proactive password resets

HubSpot employs automatic security measures to protect your account, such as proactive password resets when your password matches a publicly leaked password. Learn more about proactive password resets. 

Best practices for passwords

For better HubSpot account security, consider the following:

• Use a password manager: this includes password generators/managers in your browser (e.g., Chrome, Safari). Learn more about why a password manager may be helpful.
• Use a unique password for your HubSpot account: having a unique password for HubSpot increases account security in the event that one of your passwords is breached.

Set up two-factor authentication (2FA)

Two-factor authentication (2FA) adds an extra layer of security to your HubSpot login when you log in with your email and password. With 2FA turned on, you'll be asked to confirm your login using a separate device, such as a mobile phone. Because a physical device is required to confirm your login, it lowers the risk of an intruder gaining access to your account.

Learn how to set up two-factor authentication.

Set up passkeys

Passkeys use public and private key credentials to securely allow you to log in to your account using a compatible device with biometrics, a PIN code, or a password manager. They are supported by platforms like Google, Apple, and Microsoft, as well as all major third-party password managers and FIDO2 compatible hardware tokens like Yubikey.

Learn how to set up a passkey with HubSpot.

Control login methods and account access

If you’re a Super Admin, you can control access to your account and manage how users log in.

Configure single sign-on (Professional and Enterprise only)

Single sign-on (SSO) is a feature available for Professional and Enterprise accounts that allows you to integrate your existing SSO for logging in to HubSpot. With SSO enabled, you'll be asked to confirm your login with a login confirmation email or using two-factor authentication.

Learn how to set up single sign-on with HubSpot.

Restrict allowed login methods

Super Admins can limit which login methods users can use when setting up or signing into their HubSpot account. Tailor the login types available to your account based on your security needs. For example, if your company uses Google Workspace or Microsoft, you can only allow these login types. 

HubSpot login options include:

• Native HubSpot username and password login.
• Social services log ins (e.g., Google, Microsoft, Apple).
• Single Sign-On for Professional and Enterprise plans.
• Login with passkeys. 

Learn how to restrict which login methods user can use.

Understand login confirmation

HubSpot automatically detects login attempts from new browsers or devices. When HubSpot doesn't recognize the browser or device a user is logging in from, they will be prompted to confirm their identity through an emailed verification code. A confirmation email will also be sent when logging in after clearing browser cookies. Once login is confirmed, the user can continue to use HubSpot as normal.

To confirm your login:

1. After entering your login credentials, you'll be redirected to a page that'll prompt you for a verification code.
2. Access the email inbox associated with your HubSpot account to retrieve the verification code. HubSpot Support cannot provide this code for you.
3. On the verification page, enter the code, and click Log in.

If you're asked to confirm your login often, consider enabling two-factor authentication. With 2FA enabled, you can verify your login with your mobile device instead of email. You'll then have the option to prevent login confirmations for 30 days by selecting Don't ask me again on this computer when logging in. 

If you don't receive a login confirmation code in your inbox, try the following troubleshooting steps:

• Check your spam or junk folders to see if your email provider has filtered them out of your main inbox.
• If the email isn't in your spam or junk folder, ensure that your inbox is set up to accept emails from HubSpot.

If you no longer have access to your email inbox, or the email address is no longer valid, you'll need to contact a Super Admin in your account to add a new user for your current email address.

Secure your HubSpot mobile app

Improve the security of your HubSpot mobile app with device lock.

In your HubSpot mobile app's settings, you can turn on device lock. When you close or leave your HubSpot mobile app, the next time you open the app, you'll be prompted to verify your identity with your mobile device's native biometrics or PIN code.

To enable device lock:

1. Open the HubSpot app on your device.
2. Tap Menu in the bottom navigation menu.
3. At the bottom of the left sidebar, tap the settings icon.
4. Tap to toggle the Device lock setting on.