Set up two-factor authentication for your HubSpot login (2024)

Last updated: January 29, 2024

Typically, logging into HubSpot requires just your username and password. With two-factor authentication (2FA) turned on, logging in requires verification using a separate device, such as your mobile phone. Because logging in with 2FA requires that you have access to a physical device, the risk of a potential intruder gaining access to your account is much lower.

HubSpot provides primary and secondary methods of two-factor authentication to prevent a loss of access to your account due to the loss of a 2FA device. If you lose your 2FA device and do not have secondary methods of 2FA, you can reset your 2FA. The waiting period to reset your 2FA is a minimum of 48-72 hours.

2FA can be done when logging on through your HubSpot account or through Sign-In with Google. 2FA can be turned on as an SMS text message, or with an authenticator app, such as Google Authenticator, Microsoft Authenticator, or Duo. You can also set up 2FA using the HubSpot mobile app. If you already set up HubSpot 2FA with Google Authenticator but have switched to a new Android phone, you can transfer Authenticator codes to your new device.

2FA is requiredfor all HubSpotStarter, Professional,andEnterprise accounts. For free tools accounts, if you want users to log in using two-factor authentication, you must beasuper adminor havepermission to edit account defaults. Learn more about 2FA.

Turn on two-factor authentication for your login

To set up two-factor authentication in HubSpot:

In your HubSpot account, click the settings settings icon in the top navigation bar.

In the left sidebar menu, navigate toGeneral > Security.
In theTwo-factor authentication section, click Set up two-factor authentication (2FA).

If you're using a third party security app or you want to enter a code from a text message to secure your login, select the corresponding option and follow the on-screen instructions. If you want to use the HubSpot mobile app on an Android or iOS device for 2FA, click HubSpot mobile app:
- If you haven't already installed the mobile app, you can use your phone's camera app to scan the QR code and download the latest version of the app.
- On your device, you'll finish setting up 2FA:
  - You'll be prompted with a notification to continue 2FA setup. Tap the notification to proceed.
  - TapContinue.
  - TapConfirm.

- - TapDone to complete the setup on your device.
- Back in HubSpot, clickNext.
As a last step of the setup process, you'll be provided with 10 backup verification codes. These codes can be used in case you lose your 2FA device. It is highly recommended you download these codes to avoid the 48-72 hour waiting period for a 2FA reset. Save your codes by clicking Print orDownload (PDF). If you download the backup codes to your computer, the default name of the PDF is <your userId>_<download timestamp>.pdf. You can rename the file if you want and you should keep the file in a secured location to protect from unauthorized access.If you generate new backup codes, the previously generated backup codes will no longer work.
ClickNext.
ClickDone.

2FA will apply the next time you login to your HubSpot account.

Please note: if you encounter a message that reads This doesn't look right error after you enter the code, make sure that the time on your device or Google Authenticator app is syncing correctly. Learn how to correct the time on your device or Google Authenticator app.

After completing the 2FA process when logging in, you can choose your preference for how often you'll be prompted for 2FA:

Click Remember meto avoid being asked for 2FA for a short period of time.
Click Ask for 2FAevery time to force 2FA on your device every time you log in.

If you set up 2FA using the HubSpot mobile app, to access the 2FA prompt during the login process:

Open the HubSpot mobile app after entering your login credentials on your desktop, then click Yes for the following prompt:

If you are having trouble seeing the 2FA prompt on the HubSpot mobile app, you can access a verification code the following ways:
- Tap Use verification code on the the 2FA prompt screen.
- On the home screen of the HubSpot mobile app, tapMenu in the bottom navigation menu. Then, at the bottom of the left sidebar, tap the account name. UnderAccount, tapTwo-factor authentication (2FA), then use the code provided to complete 2FA.

Set up a secondary method

After setting up your primary two-factor authentication method, it's strongly recommended to set up a secondary method. A secondary method will allow you to log in to HubSpot if you can't access your primary method or backup codes.

To set up a secondary authentication method:

In your HubSpot account, click the settings settings icon in the top navigation bar.
In the left sidebar menu, navigate toGeneral>Security.
In the Two-factor authentication section, you'll see your primary 2FA method listed, along with an option to set up a secondary method of either 2FA text messages or a third party security app. If you choose 2FA text messages, it is recommended you set up a trusted phone number:
- To add a trusted phone number, in the Trusted Phone Number section, clickAdd a trusted phone number.

- On the Trusted Phone Number screen, type your phone number in the text box.
- Click Next.
- A six-digit code will be sent to the phone number. Type the code in the text box, then click Next.
- A verified screen will appear after you input the six-digit code. Click Done.

After setting up a trusted phone number, or if you're selecting a third party security app, click Text message or Third party security app. Follow the on-screen instructions to finish setting up your secondary method.

Turn off two-factor authentication for your login

If you have a free tools account, you can only turn off two-factor authentication for your login. All Starter,Professional, andEnterprise accounts will have 2FA enabled without the option of turning it off.

Please note: it is highly recommended that you keep 2FA enabled to protect your account. Because logging in with 2FA requires you to have access to a secondary device, the risk of a potential intruder gaining access to your account is much lower.

To turn off 2FA for your login:

In your HubSpot account, click the settings settings icon in the top navigation bar.
In the left sidebar menu, navigate to General > Security.
In the Two-factor authentication section, clickRemove [Primary method], and if enabled,Remove [Secondary method].

In the dialog box, input the 2FA code sent to your primary or secondary method. If you don't have access to either method, but have your backup codes, clickUse a backup code. If you don't have access to any of these methods, click Lost your authentication device? to reset your 2FA to regain access to your account. Once you regain access to your account, you can then disable 2FA.

In the next dialog box, clickTurn off.
After you have turned off your primary and secondary method for 2FA, you will no longer need 2FA to access your account.

Require two-factor authentication for all users

If you're a super admin or have permissions to edit account defaults, you can require every user in the account to use two-factor authentication. 2FA is requiredfor all HubSpotStarter, Professional,andEnterprise accounts.

In your HubSpot account, click the settings settings icon in the top navigation bar.
In the left sidebar menu, navigate to Security. Click the Settings & Activity tab at the top.
Under the Login section, click theRequire Two-Factor Authentication (2FA) checkbox.
In the dialog box, click Yes. When two-factor authentication is turned on, it cannot be disabled in the account.

Please note: once the switch is toggled on, the requirement will only take effect after 24 hours. The 24-hour grace period is for users to set up their two-factor authentication method, if they haven't done so yet. If a user does not set it up after 24 hours, they will be asked to set it up next time they log in to HubSpot.

Once turned on, every user in the account will receive an email and an in-app notification to turn on two-factor authentication in their account.

Users who already have set up their two-factor authentication methods will be reminded to generate back-up codes.
Users who have not set up their two-factor authentication method can set it up via a CTA in the email or through a prompt in the notification. HubSpot will then guide the user through adding their mobile device to their account. This device will be used for verification each time they log in.

Learn more about what happens when you turn on or require two-factor authentication and SSO at the same time.

Set up two-factor authentication for your HubSpot login (2024)

FAQs

How to set up two-factor authentication on HubSpot? ›

In your HubSpot account, click the settings settings icon in the top navigation bar. In the left sidebar menu, navigate to Security. Click the Settings & Activity tab at the top. Under the Login section, click the Require Two-Factor Authentication (2FA) checkbox.

Read The Full Story ›

How to solve two-factor authentication problem? ›

If you have already set up two-factor authentication and cannot access the authentication code on your mobile device, you will need to ask your user manager or administrator to contact our support team to reset your account security. You will need to set up your account security with a different mobile device.

View Details ›

How do you set up two-factor authentication? ›

What is 2FA and how do you set it up? 2FA adds a second verification step (like a code from an app). Set it up by downloading an authenticator app, scanning a QR code, and entering the code generated.

How do I turn off two-factor authentication on HubSpot? ›

To remove the HubSpot app as a 2FA method:

In your HubSpot account, click the settings settings icon in the top navigation bar.
In the left sidebar menu, click General. Then, click the Security tab at the top.
Under the Two-factor authentication section, click Remove HubSpot app.

Mar 14, 2024

Explore More ›

What are the authentication methods for HubSpot? ›

There are two ways to authenticate calls to HubSpot's APIs: OAuth and private app access tokens access tokens.

Discover More ›

What is the 2FA method of two-factor authentication? ›

2FA defined

Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data.

Why is my two-factor authentication failing? ›

Authenticator apps rely on the time set on your device to create the authentication code. If the time on your device does not match the time on your computer then the code will not work. Check the time and date on your phone and make sure they match the computer or device you are logging in from.

Learn More ›

What to do if you can't access two-factor authentication? ›

If you have forgotten your password and you've lost access to your two-factor authentication credentials, you can start account recovery to regain access to your account. You'll need to verify your identity using a recovery authentication factor, such as an SSH key or previously verified device.

View Details ›

Why does my authentication keep failing? ›

Signal interference from nearby electronic devices, neighboring networks, or other physical obstacles can cause slow or unstable connections, which could lead to network authentication issues. The easiest way to avoid signal interference is to reposition your Wi-Fi router.

Learn More Now ›

How do you enable 2FA? ›

How do I enable 2FA?

Go to the ACCOUNT page.
Click the PASSWORD & SECURITY tab.
Under the 'TWO-FACTOR AUTHENTICATION' header, you will see the available 2FA options: Two-factor Authenticator App: Use an Authenticator App as your Two-Factor Authentication (2FA). ...
Click "SET UP" to enable your preferred 2FA method.

Tell Me More ›

What is the secret key for two-factor authentication? ›

The secret key for two-factor authentication (which is a form of multi-factor authentication) is a unique 16 character alphanumeric code that is required during the set up of the PIN generating tools. The secret key is issued for the first time when you log on to the CommCell environment.

Tell Me More ›

Why should you set up two-factor authentication? ›

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts because, even if the victim's password is hacked, a password alone is not enough to pass the authentication check.

Read The Full Story ›

Does HubSpot support MFA? ›

Hubspot 2FA (Two-Factor Authentication) or Multi-Factor Authentication (MFA) is an additional layer of security in which a user or an organizational employee have to provide two factors to gain access to the Hubspot account.

Explore More ›

How to reset users in MFA HubSpot? ›

If you are on a single account with super admins and your email isn't shared across multiple accounts, an email will be sent to one of your super admins to begin the reset process. You will receive an email with a code. You must share this code with one of your super admins to have your 2FA reset.

Get More Info ›

Why can't I turn off two-factor authentication? ›

If you're already using two-factor authentication with your Apple ID, you can't turn it off. If you updated to two-factor authentication inadvertently, you can turn it off within two weeks of enrollment.

How do I get my two-factor authentication backup code? ›

Create & find a set of backup codes

On your Android phone or tablet, open the Settings app.
Tap Google. Manage your Google Account.
At the top, tap Security.
Under "How you sign in to Google," tap 2-Step Verification. You may need to sign in.
Under "Backup codes," tap Continue .
From here, you can:

Know More ›

How do I enable two-factor authentication on cloud? ›

Enabling two-factor authentication (2FA)

Open your Dashboard.
Click on your account avatar (top-right) and select Account Settings.
Click on Login & Security in the Account panel on the left (if you don't see this option, switch to your default organisation)
Click on the Two-factor Authentication tab.

More items...