Account security and passwords
Last updated: February 28, 2024
HubSpot offers many ways to secure your account. From password security to best login practices, learn about your options for keeping your HubSpot account safe.
Learn how to reset your password, HubSpot's automatic password resets, and how HubSpot prevents leaked passwords from being used in your account.
- When creating a new password, it's not possible set your own password complexity requirements. However, if you have an Enterprise subscription with single sign-on (SSO) set up and required, HubSpot will use the SSO provider's password requirements instead.
- HubSpot doesn't expire passwords, and doesn't track previous passwords used.
Reset your HubSpot account password
If you need to reset your password, click Forgot my password on the login page and follow the steps to reset your password. Learn more about resetting your password in HubSpot. If you still aren't able to log in after resetting your password, follow these troubleshooting steps to resolve the issue.
Proactive password resets
For security reasons, HubSpot checks your password against publicly leaked passwords. When the password you're using matches a password that has been publicly leaked, HubSpot will prevent you from logging in, then send you a password reset email. This protects your account from bad actors who have access to publicly leaked passwords.
When you receive the email, click Visit your HubSpot account and update your password at the bottom of the email and continue to update your password. Once your password is updated, you should be able to log into your HubSpot account.
Password creation for new accounts
When creating a password for a new HubSpot account, HubSpot will check the password against publicly leaked passwords. If HubSpot detects a match to a leaked password, you'll see the following error message: Please choose a different password. This has been identified as a risky password.
To protect your account, HubSpot won't allow you to use this password, as it's a commonly known password on the internet. This doesn't mean that any of your other internet accounts have been compromised, but it's recommended that you change this password if you're using it elsewhere.
Failed password login attempts
After 10 consecutive failed login attempts, HubSpot will send a password reset email to your user email. Learn more about resetting your password in HubSpot.
Improving password security
For better HubSpot account security, consider the following:
- Use a password manager, including password generators/managers in your browser (e.g., Chrome, Safari). To learn more about why a password manager may be helpful, check out HubSpot's blog post about keeping your online data secure.
- Use a unique password for your HubSpot account. Having a unique password for HubSpot increases account security in the event that one of your passwords is breached.
Two-factor authentication (2FA) adds an extra layer of security to your HubSpot account. With 2FA enabled, you will be asked to confirm your login on your mobile device. Because a physical device is required to confirm your login, it greatly lowers the risk of an intruder gaining access to your account.
If you are a super admin or have permissions to edit account defaults, you can require two-factor authentication for all users in the account.
Learn how to set up two-factor authentication.
Single sign-on (Enterprise only)
Single sign-on (SSO) is a feature available for Enterprise accounts that allows you to integrate your existing SSO for logging in to HubSpot. With SSO enabled, you will be asked to confirm your login with a login confirmation email or through using two-factor authentication.
Learn how to set up single sign-on with HubSpot.
HubSpot offers an array of automatic security measures for your account, including detecting login attempts from new browsers or devices. Super admins can limit HubSpot account access to trusted IP addresses. When HubSpot doesn't recognize the browser or device that you're logging in from, you'll be prompted to confirm your identity through an emailed verification code. You'll also see this confirmation when logging in after clearing your browser cookies.
This confirmation is separate from one you'd receive when logging in with two-factor authentication. Once you confirm your login, you can continue to use HubSpot as normal.
To confirm your login:
- After entering your login credentials, you'll be redirected to a page that will prompt you for a verification code.
- Access the email inbox associated with your HubSpot account to retrieve the verification code. HubSpot support cannot provide this code for you.
- On the verification page, enter the code, and click Log in.
If you're asked to confirm your login often, consider enabling two-factor authentication. With 2FA enabled, you can verify your login with your mobile device instead of email. You'll then have the option to prevent login confirmations for 30 days by selecting Don't ask me again on this computer when logging in.
If you don't receive a login confirmation code in your inbox, try the following troubleshooting steps:
- Check your spam or junk folders to see if your email provider filtered them out of your main inbox.
- If the email isn't in your spam or junk folder, ensure that your inbox is set up to accept emails from HubSpot.
For more information on HubSpot account security, check out the resources below: