Two-factor authentication | Frequently Asked Questions
Last updated: March 14, 2024
Available with any of the following subscriptions, except where noted:
All products and plans |
Find answers to common questions about HubSpot's two-factor authentication (2FA) methods.
What happens if I lose my 2FA device?
If you lose your 2FA device and use the HubSpot mobile app as your only 2FA method, you will not be able to access your account unless you have a secondary 2FA method accessible (e.g. Google Authenticator, backup codes). It is highly recommended that you set up a secondary 2FA method to avoid losing access since the reset process takes a minimum for 48-72 hours. To regain access, you must reset your two-factor authentication.
If you can use a secondary 2FA method to login to your account, you should remove the HubSpot app as a 2FA method until you can access another mobile device. This is to ensure your account security is not compromised.
- To remove the HubSpot app as a 2FA method:
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, click General. Then, click the Security tab at the top.
- Under the Two-factor authentication section, click Remove HubSpot app.
-
- In the dialog box, if prompted, verify your identity. Then, click Turn off.
Do I need to reset 2FA if I uninstall the app or get a new phone?
Yes. If you uninstall the app or get a new phone, follow the steps below based on the 2FA method you chose on your old phone:
- If you use the HubSpot mobile app as your primary 2FA method:
- Remove the HubSpot app as your 2FA method by following the instructions in the section above.
- Delete the app from your old mobile device and install it on your new phone.
- Once you've installed the HubSpot app on your new phone, log in to the HubSpot app using your email address and password.
- Follow the prompts to set up two-factor authentication on your new device.
- If you use Google Authenticator or a third party app as your primary 2FA method, you can transfer your existing 2FA configuration to your new phone. Learn how to transfer your Google Authenticator configuration to a new Android or iOS phone.
- If your 2FA method is SMS and your new phone has the same phone number as your old phone, you won't need to make any updates. If you are using a new phone number, you can follow these steps to set up 2FA on your new phone number:
- In your HubSpot account, click the settings icon settings in the main navigation bar.
-
- In the left sidebar menu, click Security.
- In the Two-factor authentication section, click Remove SMS.
- In the dialog box, click Turn off.
- Set up 2FA for your new phone number.
Can I set up 2FA on the HubSpot mobile app on multiple mobile devices?
To minimize security risks, you can only use 2FA on the HubSpot mobile app on one trusted mobile device. To change your trusted device, follow the instructions in the section above.
How do I access or refresh my 2FA backup codes?
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, click General > Security.
- In the Two-factor authentication section, click View backup codes.
- In the dialog box, click Print or Download (PDF) to save a record of your backup codes.
- To refresh the backup codes, click Generate new codes in the dialog box. Ten new backup codes will be created, and the previously generated backup codes will no longer work.
How do I confirm that my team has set up 2FA?
You must be a super admin or have permissions to edit account defaults to require and confirm 2FA setup for your team.- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, click Users & Teams. If a user has two-factor authentication turned on for their account, a twoFAOutline shield icon will display next to their email address in your users and teams.
- If the icon is blue, the user has two-factor authentication turned on and has generated a set of backup codes.
- If the icon is grey, the user has turned on two-factor authentication, but no backup codes have been generated.
How do I require all users in my HubSpot account to use 2FA?
Two-factor authentication is required for all HubSpot Starter, Professional and Enterprise accounts. For HubSpot free tools accounts, if you want to ensure all users log in using two-factor authentication, you must be a super admin or have permission to edit account defaults. If you have those permissions, you can update your settings to require all team members in your HubSpot account to use two-factor authentication.
What countries are supported by 2FA?
Two-factor authentication using the Google Authenticator app is supported globally.
The countries that support SMS two-factor authentication are the same as the supported countries for calling. Any country-specific limitations still apply. For example, China is not supported by SMS 2FA.
Verification code error: This doesn't look right
If you see a This doesn't look right error after entering your verification code, it may be due to the time set on your device. To make sure that you have the correct time on your device or Google Authenticator app, follow the instructions below for Android, iOS, or Google Authenticator.
Android
- Samsung devices
- Open the Samsung Settings app.
- Select General Management.
- Select Date & Time.
- Tap to toggle the Automatic date and time switch on. If the switch is already toggled on, turn it off, then turn it on again.
- Google devices
- Open the Google Settings app.
- Select System.
- Select Date & time.
- Tap to toggle the Set automatically switch on. If the switch is already toggled on, turn it off, then turn it on again.
iOS
- Open the iPhone Settings app.
- Select General.
- Select Date & Time.
- Tap to toggle the Set automatically switch on. If the switch is already toggled on, turn it off, then turn it on again.
- You should now be able to use your verification codes.
Google Authenticator
- Open the Google Authenticator app.
- In the top right, tap the menu button (three vertical dots).
- Select Settings.
- Select Time correction for codes.
- Select Sync now.
- On the next screen, a confirmation will appear when the time has been synced.
How do I enable 2FA on iOS 15 or later?
If you set up 2FA using the HubSpot mobile app on an iOS device that's running iOS 15 or later, you may need to edit your focus mode settings to ensure that HubSpot 2FA prompts appear when you're logging in.
First, enable time sensitive notifications for the HubSpot app:
- Open the Settings app.
- Scroll down and tap the HubSpot app from the list of apps.
- Tap Notifications.
- Click to toggle the Allow Notifications switch on, if it wasn't already enabled.
- Tap to toggle the Time-Sensitive Notifications switch on.
Next, enable time sensitive notifications in focus mode:
- Open the Settings app.
- Tap Focus.
- Select the relevant focus mode setting that you want to enable time sensitive notifications for (e.g., Do Not Disturb).
- Under Allowed notifications, tap Apps.
- Under Allowed Apps, tap Add Apps and select the HubSpot app.
- Tap to toggle the Time Sensitive switch on.
Can I turn on and require both 2FA and SSO at the same time?
Yes. Learn more about what happens when you turn on or require two-factor authentication and SSO at the same time.