Account Settings

Set up two-factor authentication for your HubSpot login

Last updated: September 24, 2020

Applies to:

All products and plans

Typically, logging into HubSpot requires just your username and password. With two-factor authentication (2FA) enabled, logging in requires verification using a second device, such as your mobile phone. Because logging in with 2FA requires that you have access to a physical device, the risk of a potential intruder gaining access to your account is much lower. 

2FA verification can be done through an SMS text message, or with an authenticator app, such as Google Authenticator. If you already set up HubSpot 2FA with Google Authenticator but have switched to a new Android phone, you can transfer Authenticator codes to your new device.

You can set up 2FA for your own login, or require all users in the account to use 2FA.

If you lose your 2FA device, check out our guide on resetting your 2FA.

Please note: 2FA is only enforced for logins using your HubSpot username and password. It cannot be used if you're using the Sign in with Google method.

Enable two-factor authentication for your login

To set up two-factor authentication in HubSpot:

  • In your HubSpot account, click the settings icon settings in the main navigation bar.
  • In the left sidebar menu, click Security.
  • In the Two-step authentication section, click Set up primary method

security-set-up-two-factor-authentication

  • Follow the on-screen instructions to finish setting up 2FA for your account. During this setup process, you’ll need access to the device you intend to use as your other login method (e.g., your mobile phone with SMS or the Google Authenticator app).

account-two-factor-auth

  • As a last step of the setup process, you'll be provided with 10 backup verification codes. These codes can be used in case you lose your 2FA device. Save your codes by clicking Print or Download (PDF)

    backup-verification-codes
  • Once 2FA is set up, you'll be prompted to enter a code that is delivered to your device the next time you log in.

Please note: if you see a This doesn't look right error after you enter the code, make sure that the time on your Google Authenticator app is syncing correctly. Learn how to correct the time in your Google Authenticator app.

Enable a secondary method

After setting up your primary two-factor authentication method, it's strongly recommended to set up a secondary method. A secondary method will allow you to log in to HubSpot if you can't access your primary method.

To set up a secondary authentication method:

  • In your HubSpot account, click the settings icon settings in the main navigation bar.
  • In the left sidebar menu, click Security.
  • In the Secondary verification section, click Set up secondary method
  • Follow the on-screen instructions to finish setting up your secondary method.

Require two-factor authentication for all users

If you're a Super Admin or have permissions to edit account defaults, you can require every user in the account to use two-factor authentication. 

  • In your HubSpot account, click the settings icon settings in the main navigation bar.
  • In the left sidebar menu, navigate to Account Defaults
  • In the Security section on the General Info tab, click to toggle the Require Two-Factor Authentication (2FA) switch on. 
  • In the dialog box, click Yesrequire-2fa

Please note: once the switch is toggled on, the requirement will only take effect after 24 hours. The 24-hour grace period is for users to set up their two-factor authentication method, if they haven't done so yet. If a user does not set it up after 24 hours, they will be asked to set it up next time they log in to HubSpot.

Once enabled, every user in the account will receive an email and an in-app notification to enable two-factor authentication in their account.

  • Users who already have set up their two-factor authentication methods will be reminded to generate back-up codes.
  • Users who have not set up their two-factor authentication method can set it up via a CTA in the email or through a prompt in the notification. HubSpot will then guide the user through adding their mobile device to their account. This device will be used for verification each time they log in.

portal-two-factor-authLearn more about what happens when you enable or require two-factor authentication and SSO at the same time

/account/how-can-i-set-up-two-factor-authentication-for-my-hubspot-login