Manage your account security in the HubSpot Security Center

In HubSpot's Security Center, you can review a checklist of security criteria to understand how well-protected your HubSpot account is from security incidents. The Security Center provides a score, and if a security measure needs improvement, you can click links in the scoring criteria to resolve any security risks. The score can then be recalculated to reflect the improvements in your account’s security score.

Access the HubSpot Security Center

• In your HubSpot account, click the settings settings icon in the main navigation bar.
• In the left sidebar menu, navigate to Account Defaults > Security.
• Click the Visit the Security Center button at the top of the screen.
• The Security Center screen will display your Security Rating percentage and the security measure criteria. The rating system will rate you with Good or Please review for each of the security measures.

• To resolve the scoring criteria, click Resolve next to the rating that says Please review. To review the security measures rated as Good, click View. 

What is the scoring criteria?

• Is two-factor authentication (2FA) required for your account?: Two-factor authentication (2FA) is the best way to protect your HubSpot account from unauthorized access, and is required for all Starter, Professional, and Enterprise accounts. If you are on a free account, learn how to require 2FA in your HubSpot account.
• What percentage of users have 2FA set up?: The more users who use 2FA, the more your account is protected from unauthorized access. 
• How many super admins does your account have?: A lower number of super admins ensures that the risk of users taking risky actions is reduced. Learn how to manage your super admin permissions to determine if any can be removed.
• What percentage of your users are super admin?: A low percentage of super admins compared to overall users ensures that you aren't giving too many permissions to users that could cause risk. 
• Do you have any partner users who are super admin?: Making partner users super admins allows them to view and manage billing, add and delete users, and perform tasks that could add risk to your account. As with any other user, a lower number of super admins reduces security risks. Learn how to manage partner user permissions to determine if any can be removed as super admin.
• How many inactive users does your account have?: Only users who need access to your HubSpot account should be able to access it. HubSpot considers users inactive if they have not logged on in the past 90 days. Learn how to remove or deactivate users.
• How many inactive private apps does your account have?: Having less than one private app inactive will help ensure your account only has apps that are being used correctly. Learn how to uninstall apps.