This article reviews Security Policies that can be configured on your account. To modify or add new security policies, log into HostPilot® Control Panel > Account > Security Policies.


As an account administrator, you can customize:

User Security Policy

User Security Policy allows to monitor suspicious log-in attempts into users' mailboxes. Account Contact can set up notifications about such events to users' primary or alternative email address. Read our Knowledge Base article on User Security Policy for more information.


User Password Policy

With the user password policy, you can

  • Allow users to change their passwords
  • Prevent users from changing their passwords
  • Force password changes
  • Create a custom user policy


Contacts Password Policy

Contact's Password Policy allows you to manage password complexity requirements and expiration period for all Account Contacts.

Once the policy is enabled, you will be asked to select password requirements such as minimum password length, password complexity, expiry periods and account contact locking.

Note: Shared accounts contacts, who manage several accounts might have the stronger password policy enabled on other accounts. The strongest compilation of policies will be applied to this shared account contact.


Read our Knowledge Base article to find out the default password policy for account contacts.

Password Policy can be enabled if you have account contacts that manage several accounts. 

IP-Based Access

Allows you to restrict or allow Administrators to access this account from the specific IP addresses. Read our Knowledge Base article on IP-based access.


Two-Factor Authentication Policy

Two-factor authentication (2FA) adds an additional layer of security for your HostPilot account.

With 2FA you can:

  • Choose a frequency range for account contacts to be asked to prove their identity when logging into HostPilot
  • Apply 2FA settings for all existing account contacts, including shared account contacts


Read our Knowledge Base article on Two-factor authentication policy for more information.

Note: Enabling 2FA affects all account contacts.

Note: 2А frequency settings are applied per a web browser. For example, if 2FA frequency is set to daily, an account contact will be prompted to prove their identity in every browser once a day.