Bluehost Web Hosting Help
Accessing your account is as easy as entering your domain name and password on the login screen, or clicking one of our Single Sign-On options. As a web hosting provider, we're charged with safeguarding a lot of valuable and sensitive information, such as websites files, contact information, and financial data; a responsibility we take very seriously. We've implemented sophisticated backend security measures to the login process to prevent targeted attacks and added options like limited-access user passwords and two-factor authentication, resulting in a login experience that's easy to use and doesn't compromise security.
Passwords are the first level of protection against hacking, but research has shown that up to a shocking 90 percent of user-created passwords are vulnerable to hacking—90 percent! If that isn't cause for concern, we don't know what is. We rely on a slew of security protocols to make certain that your login is secure, but these measures can only go so far. Nowadays, it's becoming increasingly important for you to be proactive when it comes to keeping your login information secure. Not only do you need to create a strong password to withstand hacking attempts, but you also need to keep it safe so it doesn't find its way into the wrong hands.
#Create a Strong Password
We know it's a pain in the neck to come up with a new password for each site and application you frequent, not to mention how frustrating it can be to remember what they all are, but having a strong password can mean all the difference in securing your account.
Much of the traditional advice about creating a strong password is pretty much the same: the longer the better; use a mix of letters, numbers, and symbols to make it complex; avoid using any personal information; and don't use a word found in the dictionary. Still, it all holds true to scrutiny, even now that security concerns are greater than ever. Historically, password complexity seemed to be favored over length; but criminals figured out that shorter passwords are easier to hack, even if a few letters are substituted by similar numbers or characters. The trick is to create a long and complex password that can withstand a variety of hacking attempts.
Strong Password Do's
- Make It Memorable. Long, complex passwords are the most secure but they're often hard to remember. Try this to make it memorable: Think of an easy-to-remember phrase or piece of information, and then replace letters with similar characters or symbols. You could even take that phrase and make it an acronym before substituting symbols. For example, "I went to JFK High in 1975" can become "[email protected]_75" or something similar.
- Use Different Passwords Everywhere. You wouldn't use the same key for your house, car, mailbox, etc; so why would you use the same password for your online accounts? If a hacker obtains your password, the first thing they'll do is check whether that password works for other websites. It only takes one compromised login to put all of your other accounts (that reuse the password) at risk.
- Use a Password Manager. A password manager—like LastPass, Dashlane, KeePass, 1Password, etc.—is an app that saves your login credentials for different sites, then automatically logs you in the next time you visit. Some will even generate unique, complicated passwords for you. They're available in any web browser, and many apps will even sync across your devices.
Strong Password Don'ts
- Don't Use Dictionary Words. Hackers can employ a list of every word in the dictionary (or multiple dictionaries) to use against a password database. Luckily, strong passwords aren't usually vulnerable to this kind of attack.
- Don't Use Common Passwords. As with dictionary words, common passwords and generic sequences like password, admin, 123456, qwerty, etc. are also discouraged because they're easily hacked. Read this Gizmodo article for the 25 most popular passwords of 2015.
- Don't Reference Personal Information. It's easy to remember names, phone numbers, birthdays, etc., but that kind of information is easy for a hacker to find using social media and other methods.
- Don't Write It Down. If someone finds your password, they could do any number of things with your account, such as logging in and changing or stealing information, and even resetting your password. This is especially a problem with banking and email passwords.
- Don't Share It. Sharing your password with a friend or family member often seems harmless, but it could be easily mishandled and fall in to the wrong hands.
- Don't Log In From Public Computers. In a public place, it's easy for someone to look over your shoulder to view your password as you enter it. And it's even easier to accidentally save your login information for a particular website, allowing the next visitor access to your account.
Account passwords and login options are managed in Account > Passwords where you can do the following:
- Change the main account password, also known as the administrator password.
- Enable or disable two-factor authentication for your login.
- Create an identification PIN, which is used for verification purposes only; not to log in.
- Create or change the billing password for an authorized user.
- Create or change the hosting password for an authorized user.
You have complete, unrestricted access to manage your hosting account when you log in with the main account password. If you're the only one who logs in then this may be the only password you'll ever need for your hosting account. But if you want to delegate your website and billing management responsibilities without giving out your main login password, you also have the option to create limited-access user passwords.
As the account administrator, you'll create and manage the passwords on the user's behalf. This is a great security measure because it allows you to revoke access at any time just by changing the user's password.
We offer two types of user passwords with different levels of access:
- Hosting Password. Allows access to the hosting files and utilities needed to manage and publish your website(s).
- Billing Password. Allows access to purchase new services and renew or cancel existing services.
Neither password allows the user access to your contact and billing information in the Account Profile, so your private information remains secure.
And if you can't log in because you forgot your password, just click Forgot Password on the login screen and we'll send you an email with a link so you can update it.
To set and manage your main account password, check out How to Reset Your Login Password
It's no secret that trying to remember the password for every one of your applications is a hassle, especially if you aren't using a password manager yet. That's why we offer Single Sign-On (SSO), an option that permits access to your hosting account by authenticating your login credentials with one of our trusted SSO identity providers like Google, Facebook, WordPress, etc. This means that a single, successful sign-on with one of our trusted service providers will authenticate your access to both services.
In the past, SSO was considered more of a convenience measure, but over the last few years it's been shown to increase security by enabling more complex authentication policies and because your login credentials will only be stored in one very secure location rather than in multiple, possibly less secure locations. And we all know that it's easier and better to remember one complex password rather than a variety of passwords, especially because those are likely to be less complex to make them easier to remember. With fewer credentials to keep track of, there's fewer to lose or compromise.
To enable SSO for your login, check out Single Sign On.
Looking for more login security? Two-factor authentication provides an added layer of protection that strengthens your login by requiring two forms of identity verification: your password and a security token. Once it's enabled, stealing your password is no longer sufficient for a criminal to log in to your account because they'll also need to enter a security token, also known as a verification code, which you'll get from your smartphone app or email account, depending on how you set it up. Each token is only valid for 10 minutes, so hackers won't be able to use an expired code. Two-factor authentication isn't a cure-all, but it does dramatically improve your login security for reasonably little effort.
Recommended Help Content
Two-factor authentication is ideal for anyone looking to increase their account security.
Office 365: Multi-Factor Authentication
Office 365 requires admins users to set up multi-factor authentication before they can use the account. If customers do not set up their multi-factor authentication within 48 hours, they may be locked out.
Validation tokens are an easy way to validate you're an authorized user.
Related Help Content
Office 365: Temporary Password and Password Resets
How to use temporary passwords and reset the password for a user's account.
We're flexible folks, which is why we have several payment options, adjustable renewal settings, and easy access to your billing history.
Password Protect a File
How do I Password Protect a single file on my website?
Getting Started with Your New Account
A step by step guide to using your new Bluehost hosting account.
How To Create and Edit An FTP Account
How to use use the FTP Account tool to create additional FTP Accounts. This is useful for granting FTP access to your account without giving anyone your cPanel password.
Single Sign-On (SSO)
Single Sign-On (SSO) is the common name for the process of signing on to your bluehost account using a different software service provider (e.g. Google, Facebook, WordPress, etc.). Although the software systems of bluehost are independent from an SSO service provider, a singl
How To Transfer Domain Name To Bluehost
Maintaining your domain registration and hosting services within the same account allows you to manage both services with only one login password, making it easier for you to stay on top of everything related to your website. This article explains the process to transfer your domain to [% provinfo.n
How to Reset Your Login Password
How do I change my Control Panel password?