Account security and passwords

Last updated: April 29, 2025

Available with any of the following subscriptions, except where noted:

All products and plans



There are multiple ways to keep your HubSpot account secure. For example, you can create strong passwords, turn on two-factor authentication, and leverage other security features available in HubSpot. By following password and login best practices, you can better protect your HubSpot account and data from unauthorized access. 

Passwords

Learn how to reset your password, how HubSpot's automatic password resets work, and how HubSpot prevents leaked passwords from being used in your account.

Please note:

  • When creating a new password, it's not possible to set your own password complexity requirements. However, if you have a Professional or Enterprise subscription with single sign-on (SSO) set up and required, HubSpot will use the SSO provider's password requirements instead. 
  • HubSpot doesn't track previously used passwords.
  • If you switch from using a password to using an alternative method of login (e.g., passkeys or single sign-on (SSO)), you'll receive an email to confirm that your password is eligible for deletion, to mitigate security risks of an old password being exploited. If the password remains unused during the 30 days after you receive the email, it will be deleted. If you go back to using a password in future, you can reset your password.

Reset your HubSpot account password

If you need to reset your password, click Forgot my password on the login page and follow the steps to reset your password. Learn more about resetting your password in HubSpot. If you still can't log in after resetting your password, follow these troubleshooting steps to resolve the issue.

Proactive password resets

For security reasons, HubSpot checks your password against publicly leaked passwords. When the password you're using matches a password that has been publicly leaked, HubSpot will prevent you from logging in. A password reset email will be sent to your user email automatically. This protects your account from bad actors who have access to publicly leaked passwords.

When you receive the email, click Visit your HubSpot account and update your password at the bottom of the email and continue to update your password. Once your password is updated, you should be able to log into your HubSpot account.

Password creation for new accounts

When creating a password for a new HubSpot account, HubSpot will check the password against publicly leaked passwords. If HubSpot detects a match to a leaked password, the following error message will be displayed: Please choose a different password. This has been identified as a risky password.

To protect your account, HubSpot won't allow you to use this password, as it's a commonly known password on the internet. This doesn't mean that any of your other internet accounts have been compromised, but it's recommended that you change this password if you're using it elsewhere.

Failed password login attempts

After 10 consecutive failed login attempts, HubSpot will send a password reset email to your user email. Learn more about resetting your password in HubSpot.

Improving password security

For better HubSpot account security, consider the following:

  • Use a password manager, including password generators/managers in your browser (e.g., Chrome, Safari). Learn more about why a password manager may be helpful.
  • Use a unique password for your HubSpot account. Having a unique password for HubSpot increases account security in the event that one of your passwords is breached.

Two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your HubSpot account. With 2FA enabled, you'll be asked to confirm your login on your mobile device. Because a physical device is required to confirm your login, it lowers the risk of an intruder gaining access to your account. 

If you're a Super Admin or have permissions to edit account defaults, you can require two-factor authentication for all users in the account.

Learn how to set up two-factor authentication.

Passkeys

Passkeys use public and private key credentials to securely allow you to log in to your account using a compatible device with biometrics, a PIN code, or a password manager. They're supported by platforms like Google, Apple, and Microsoft, as well as all major third-party password managers and FIDO2-compatible hardware tokens like YubiKey.

Learn how to set up a passkey with HubSpot.

Single sign-on (Professional and Enterprise only)

Single sign-on (SSO) is a feature available for Professional and Enterprise accounts that allows you to integrate your existing SSO for logging in to HubSpot. With SSO enabled, you'll be asked to confirm your login with a login confirmation email or using two-factor authentication.

Learn how to set up single sign-on with HubSpot.

Restrict which login methods users can use

Super Admins can limit which login methods users can use when setting up or signing into their HubSpot account. Tailor the login types available to your account based on your security needs. For example, if your company uses Google Workspace or Microsoft, you can allow only these login types.

HubSpot login options include:

  • Native HubSpot username and password login.
  • Social service logins (e.g., Google, Microsoft, Apple).
  • Single Sign-On for Professional and Enterprise plans.

Learn how to restrict which login methods users can use.

Login confirmation

There are a number of automatic security measures available for your account, including detecting login attempts from new browsers or devices. Super Admins can limit HubSpot account access to trusted IP addresses. When HubSpot doesn't recognize the browser or device a user is logging in from, they'll be prompted to confirm their identity through an emailed verification code. A confirmation email will also be sent when logging in after clearing browser cookies. Once login is confirmed, the user can continue to use HubSpot as normal.

To confirm your login:

  • After entering your login credentials, you'll be redirected to a page that'll prompt you for a verification code.
  • Access the email inbox associated with your HubSpot account to retrieve the verification code. HubSpot support cannot provide this code for you.
  • On the verification page, enter the code, and click Log in.

If you're asked to confirm your login often, consider enabling two-factor authentication. With 2FA enabled, you can verify your login with your mobile device instead of email. You'll then have the option to prevent login confirmations for 30 days by selecting Don't ask me again on this computer when logging in. 

If you don't receive a login confirmation code in your inbox, try the following troubleshooting steps:

If you no longer have access to your email inbox, or the email address is no longer valid, you'll need to contact a Super Admin in your account to add a new user for your current email address.

Secure your HubSpot mobile app

In your HubSpot mobile app's settings, you can turn on device lock. When you close or leave your HubSpot mobile app, the next time you open the app, you'll be prompted to verify your identity with your mobile device's native biometrics or PIN code. 

  • Open the HubSpot app on your device.
  • Tap Menu in the bottom navigation menu.
  • At the bottom of the left sidebar, tap the settings icon.
  • Tap to toggle the Device lock setting on. 

Learn more about HubSpot's security practices and keeping your online data secure
