At Squarespace, we take account security very seriously. To take more steps to protect your Squarespace 5 account and site, we recommend following these best practices.
Choose a strong password
A password that’s easy to guess leaves your Squarespace 5 account–and any account that uses the same password–vulnerable to being compromised. Once someone guesses your password, they could log into your accounts, access your private information, cause harm, or steal your data.
On Squarespace 5, you have control over your password. It can be between 6 and 25 characters, with any combination of letters, numbers, and symbols.
Here are some dos and don’ts for passwords:
Do
- Use different passwords for each service you use
- Use long phrases you can remember, instead of a single word
- Use a mix of uppercase letters (“A”), lowercase letters (“a”), numbers (“1”), and symbols (“!”, “@”)
- Consider using a password manager app that generates and stores random passwords for you. This way, you won’t have to try to remember every password or store them in an insecure document.
Don’t
- Use your birthday, name, or physical address
- Use your email address as your password
- Use common words like password or Squarespace
- Use easy-to-guess sequences like 123 or ABC
- Use the same password for multiple services, especially your email address, payment processor account, or third-party domain provider
- Assume that an email is from a company just because it contains the company logo or their name appears in your inbox as the “From” name.
- Send your login information or other sensitive information via email, no matter how convincing the person sounds.
To learn how to change your password, visit Changing or recovering your password.
Change your password regularly
Update your password at least every few months. When you update your password, don’t use one you used in the past.
Don’t share your password
Never share your password with anyone, even someone you trust. Instead of sharing the same account with another person or team, there are other options:
- Each person who needs access to your site can have their own member account.
- To let someone see a private page without giving them editing access, visit Password-protecting pages.
Avoid phishing scams
Phishing emails impersonate trusted companies like Squarespace to try and trick you into sharing personal information. If you received a suspicious email that looks like it’s from us–or another company claiming to be associated with us–don’t click any links, reply to the message, or download any attached documents.
To spot a phishing email, look for an urgent tone, requests for your password or private information, fake email addresses, and links that don’t lead to www.squarespace.com. If you clicked a link or downloaded anything, change your password immediately, watch your bank account for unauthorized transactions, and report the email to your email provider.
For more tips, visit I received a suspicious email. Is it from Squarespace?
Remove unused member accounts
If a site member is inactive or no longer needs access to your site, consider removing them. This way, if their account gets compromised, the hacker can’t log into your site because it’ll be disconnected from their account.
Keep your browser and operating system up to date
Set your operating system and browsers to update automatically, so you’re always using the latest versions with up-to-date security features.
To learn more, visit Supported browsers.
Keep your antivirus software up to date
Antivirus software helps you fight against viruses and other malicious third-party programs. If you use antivirus software on your device, keep it up to date and set it to update automatically.
Report vulnerabilities
Our Security, Engineering, and Operations teams work 24/7 to monitor unusual behavior on our platform. If you’re a security professional or researcher, we encourage you to let us know if you’ve discovered a vulnerability on our Security page. Be sure to mention you're using Squarespace 5.