Account security and passwords (2024)

Last updated: February 28, 2024

HubSpot offers many ways to secure your account. From password security to best login practices, learn about your options for keeping your HubSpot account safe.


Learn how to reset your password, HubSpot's automatic password resets, and how HubSpot prevents leaked passwords from being used in your account.

Please note:

  • When creating a new password, it's not possible set your own password complexity requirements. However, if you have an Enterprise subscription with single sign-on (SSO) set up and required, HubSpot will use the SSO provider's password requirements instead.
  • HubSpot doesn't expire passwords, and doesn't track previous passwords used.

Reset your HubSpot account password

If you need to reset your password, clickForgotmy password on the login page and follow the steps to reset your password. Learn more aboutresetting your password in HubSpot.If you still aren't able to log in after resetting your password, follow these troubleshooting stepsto resolve the issue.

Proactive password resets

For security reasons, HubSpot checks your password against publicly leaked passwords. When the password you're using matches a password that has been publicly leaked, HubSpot will prevent you from logging in, then send you a password reset email. This protects your account from bad actors who have access to publicly leaked passwords.

When you receive the email, click Visit your HubSpot account and update your password at the bottom of the email and continue to update your password. Once your password is updated, you should be able to log into your HubSpot account.

Account security and passwords (1)

Password creation for new accounts

When creating a password for a new HubSpot account, HubSpot will check the password against publicly leaked passwords. If HubSpot detects a match to a leaked password, you'll see the following error message: Please choose a different password. This has been identified as a risky password.

Account security and passwords (2)

To protect your account, HubSpot won't allow you to use this password, as it's a commonly known password on the internet. This doesn't mean that any of your other internet accounts have been compromised, but it's recommended that you change this password if you're using it elsewhere.

Failed password login attempts

After 10 consecutive failed login attempts, HubSpot will send a password reset email to your user email. Learn more aboutresetting your password in HubSpot.

Improving password security

For better HubSpot account security, consider the following:

  • Use a password manager, includingpassword generators/managers in your browser (e.g., Chrome, Safari). To learn more about why a password manager may be helpful, check out HubSpot's blog post about keeping your online data secure.
  • Use a unique password for your HubSpot account. Having a unique password for HubSpot increases account security in the event that one of your passwords is breached.

Two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your HubSpot account. With 2FA enabled, you will be asked to confirm your login on your mobile device. Because a physical device is required to confirm your login, it greatly lowers the risk of an intruder gaining access to your account.

If you are a super admin or have permissions to edit account defaults,you can require two-factor authentication for all users in the account.

Learn how to set up two-factor authentication.

Single sign-on (Enterprise only)

Single sign-on (SSO) is a feature available for Enterprise accounts that allows you to integrate your existing SSO for logging in to HubSpot. With SSO enabled, you will be asked to confirm your login with a login confirmation email or through using two-factor authentication.

Learn how to set up single sign-on with HubSpot.

Login confirmation

HubSpot offers an array of automatic security measures for your account, including detecting login attempts from new browsers or devices. Super admins can limit HubSpot account access to trusted IP addresses. When HubSpot doesn't recognize the browser or device that you're logging in from, you'll be prompted to confirm your identity through an emailed verification code. You'll also see this confirmation when logging in after clearing your browser cookies.

This confirmation is separate from one you'd receive when logging in with two-factor authentication. Once you confirm your login, you can continue to use HubSpot as normal.

To confirm your login:

  • After entering your login credentials, you'll be redirected to a page that will prompt you for a verification code.
  • Access the email inbox associated with your HubSpot account to retrieve the verification code. HubSpot support cannot provide this code for you.
  • On the verification page, enter thecode, and clickLog in.

If you're asked to confirm your login often, consider enabling two-factor authentication. With 2FA enabled, you can verify your login with your mobile device instead of email. You'll then have the option to prevent login confirmations for 30 days by selecting Don't ask me again on this computerwhen logging in.

Account security and passwords (3)

If you don't receive a login confirmation code in your inbox, try the following troubleshooting steps:

  • Check your spam or junk folders to see if your email provider filtered them out of your main inbox.
  • If the email isn't in your spam or junk folder, ensure that your inbox is set up to accept emails from HubSpot.
If you no longer have access to your email inbox, or the email address is no longer valid, you'll need to work with your team to add a new user for your current email address.

More resources

For more information on HubSpot account security, check out the resources below:

  • Learn more about HubSpot's security practices.
  • Learn more about keeping your online data secure, in HubSpot and beyond.

Account security and passwords (2024)


Top Articles
Latest Posts
Article information

Author: Gregorio Kreiger

Last Updated:

Views: 6328

Rating: 4.7 / 5 (77 voted)

Reviews: 92% of readers found this page helpful

Author information

Name: Gregorio Kreiger

Birthday: 1994-12-18

Address: 89212 Tracey Ramp, Sunside, MT 08453-0951

Phone: +9014805370218

Job: Customer Designer

Hobby: Mountain biking, Orienteering, Hiking, Sewing, Backpacking, Mushroom hunting, Backpacking

Introduction: My name is Gregorio Kreiger, I am a tender, brainy, enthusiastic, combative, agreeable, gentle, gentle person who loves writing and wants to share my knowledge and understanding with you.