1. bluehost knowledge base

Login Management

Accessing your account is as easy as entering your domain name and password on the login screen or clicking one of our Single Sign-On options. As a web hosting provider, we're charged with safeguarding a lot of valuable and sensitive information, such as website files, contact information, and financial data, a responsibility we take very seriously. We've implemented sophisticated backend security measures to the login process to prevent targeted attacks and added options like limited-access user passwords and two-factor authentication, resulting in a login experience that's easy to use and doesn't compromise security.

Passwords are the first level of protection against hacking, but research has shown that up to a shocking 90 percent of user-created passwords are vulnerable to hacking—90 percent! If that isn't caused for concern, we don't know what is. We rely on a slew of security protocols to ensure that your login is secure, but these measures can only go so far. Nowadays, it's becoming increasingly important for you to be proactive in keeping your login information secure. Not only do you need to create a strong password to withstand hacking attempts, but you also need to keep it safe so it doesn't find its way into the wrong hands.



Create a Strong Password

We know it's a pain in the neck to come up with a new password for each site and application you frequent, not to mention how frustrating it can be to remember what they all are, but having a strong password can mean all the difference in securing your account.

Much of the traditional advice about creating a strong password is pretty much the same: the longer, the better; use a mix of letters, numbers, and symbols to make it complex; avoid using any personal information, and don't use a word found in the dictionary. Still, it all holds to scrutiny, even now that security concerns are greater than ever. Historically, password complexity seemed to be favored over length. Still, criminals figured out that shorter passwords are easier to hack, even if similar numbers or characters substitute a few letters. The trick is to create a long and complex password that can withstand a variety of hacking attempts.

Strong Password Do's

  • Make It Memorable. Long, complex passwords are the most secure, but they're often hard to remember. Try this to make it memorable: Think of an easy-to-remember phrase or piece of information, and then replace letters with similar characters or symbols. You could even take that phrase and make it an acronym before substituting symbols. For example, "I went to JFK High in 1975" can become "!WtJFKh1gh@I_75" or something similar.
  • Use Different Passwords Everywhere. You wouldn't use the same key for your house, car, mailbox, etc., so why would you use the same password for your online accounts? If a hacker obtains your password, the first thing they'll do is check whether that password works for other websites. It only takes one compromised login to put all of your other accounts (reusing the password) at risk.
  • Use a Password Manager. A password manager—like LastPass, Dashlane, KeePass, 1Password, etc.—is an app that saves your login credentials for different sites, then automatically logs you in the next time you visit. Some will even generate unique, complicated passwords for you. They're available in any web browser, and many apps will even sync across your devices.

Strong Password Don'ts

  • Don't Use Dictionary Words. Hackers can employ a list of every word in the dictionary (or multiple dictionaries) to use against a password database. Luckily, strong passwords aren't usually vulnerable to this kind of attack.
  • Don't Use Common Passwords. As with dictionary words, common passwords and generic sequences like password, admin, 123456, qwerty, etc., are also discouraged because they're easily hacked. Read this Gizmodo article for the 25 most popular passwords of 2015.
  • Don't Reference Personal Information. It's easy to remember names, phone numbers, birthdays, etc. However, that kind of information is easy for hackers to find using social media and other methods.
  • Don't Write It Down. If someone finds your password, they could do any number of things with your account, such as logging in and changing or stealing information, and even resetting your password. This is especially a problem with banking and email passwords.
  • Don't Share It. Sharing your password with a friend or family member often seems harmless, but it could be easily mishandled and fall into the wrong hands.
  • Don't Log In From Public Computers. It's easy for someone to look over your shoulder in a public place to view your password as you enter it. And it's even easier to accidentally save your login information for a particular website, allowing the next visitor access to your account.

Password Management

Account passwords and login options are managed by clicking the icon in the upper-rightmost corner of your screen (This icon is usually displayed as your initials), then click on Security, and you will be redirected to the My Account Center page.

rock-change-password
rock-account-security-tab
  • Change the main account password, also known as the administrator password.
  • Enable or disable two-factor authentication for your login.

You have complete, unrestricted access to manage your hosting account when you log in with the main account password. If you're the only one who logs in, then this may be the only password you'll ever need for your hosting account. But if you want to delegate your website and billing management responsibilities without giving out your main login password, you also have the option to create limited-access user passwords in the Web-pro Access tab.

As the account administrator, you'll create and manage the passwords on the user's behalf. This is a great security measure because it allows you to revoke access at any time just by changing the user's password.

And if you can't log in because you forgot your password, click the Forgot Password on the login screen, and we'll send you an email with a link so you can update it.

To set and manage your main account password, please visit the following article for more information: How to Reset Your Login Password.

Single Sign-On

It's no secret that trying to remember the password for every one of your applications is a hassle, especially if you aren't using a password manager yet. That's why we offer Single Sign-On (SSO), an option that permits access to your hosting account by authenticating your login credentials with one of our trusted SSO identity providers like Google, Facebook, WordPress, etc. This means that a single, successful sign-on with one of our trusted service providers will authenticate your access to both services.

In the past, SSO was considered more of a convenience measure. Over the last few years, it appeared to increase security by enabling more complex authentication policies. Your login credentials will only be stored in one very secure location rather than in multiple, possibly less secure locations. And we all know that it's easier and better to remember one complex password rather than a variety of passwords, especially because those are likely to be less complex to make them easier to remember. With fewer credentials to keep track of, there are fewer to lose or compromise.

To enable SSO for your login, check out Single Sign-On.

Two-Factor Authentication

Are you looking for more login security? Two-factor authentication provides an added layer of protection that strengthens your login by requiring two identity verification forms: your password and a security token. Once it's enabled, stealing your password is no longer sufficient for a criminal to log in to your account because they'll also need to enter a security token, also known as a verification code, which you'll get from your smartphone app or email account, depending on how you set it up. Each token is only valid for 10 minutes so that hackers won't use an expired code. Two-factor authentication isn't a cure-all, but it does dramatically improve your login security for reasonably little effort.

To enable two-factor authentication for your login, check out this article