Skip to content
Account Settings

Set up two-factor authentication for your HubSpot login

Last updated: December 2, 2022

Applies to:

All products and plans

Typically, logging into HubSpot requires just your username and password. With two-factor authentication (2FA) turned on, logging in requires verification using a separate device, such as your mobile phone. Because logging in with 2FA requires that you have access to a physical device, the risk of a potential intruder gaining access to your account is much lower.

HubSpot provides primary and secondary methods of two-factor authentication to prevent a loss of access to your account due to the loss of a 2FA device. If you lose your 2FA device and do not have secondary methods of 2FA, you can reset your 2FA. The waiting period to reset your 2FA is a minimum of 48-72 hours.

2FA can be done when logging on through your HubSpot account or through Sign-In with Google. 2FA can be turned on as an SMS text message, or with an authenticator app, such as Google Authenticator, Microsoft Authenticator, or Duo. You can also set up 2FA using the HubSpot mobile app. If you already set up HubSpot 2FA with Google Authenticator but have switched to a new Android phone, you can transfer Authenticator codes to your new device.

 


Please note:

  • The best way to ensure you retain access to your HubSpot account is to set up both primary and secondary methods for your 2FA login. When you set up 2FA, you will be provided with backup codes, which you can download as a PDF and save to your device. The file name is backupCodes.pdf. The combination of a primary and secondary 2FA method as well as stored backup codes for recovery will give you the most secure and reliable two-factor authentication setup for your HubSpot account.
  • There are different 2FA methods depending on your country or region
  • When logging in with a HubSpot Sales integration (e.g. Office 365 add-in, Outlook desktop add-in), you cannot use the Sign in with Google 2FA method. You must use your HubSpot email and password. 

Turn on two-factor authentication for your login

To set up two-factor authentication in HubSpot:

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, click Security.
  • In the Two-factor authentication section, click Set up two-factor authentication (2FA)

set-up-two-factor-authentication

  • If you're using a third party security app or you want to enter a code from a text message to secure your login, select the corresponding option and follow the on-screen instructions. If you want to use the HubSpot mobile app on an Android or iOS device for 2FA, click HubSpot mobile app:
    • If you haven't already installed the mobile app, you can use your phone's camera app to scan the QR code and download the latest version of the app.
    • On your device, you'll finish setting up 2FA:
      • You'll be prompted with a notification to continue 2FA setup. Tap the notification to proceed.
      • Tap Continue.
      • Tap Confirm.

set up 2FA

      • Tap Done to complete the setup on your device.
    • Back in HubSpot, click Next.
  • As a last step of the setup process, you'll be provided with 10 backup verification codes. These codes can be used in case you lose your 2FA device. It is highly recommended you download these codes to avoid the 48-72 hour waiting period for a 2FA reset. Save your codes by clicking Print or Download (PDF). If you downloaded the backup codes to your computer, the default name of the PDF is backupCodes.pdf. If you generate new backup codes, the previously generated backup codes will no longer work.

    backup-verification-codes
  • Click Next.
  • Click Done.

2FA will apply the next time you login to your HubSpot account. 

Please note: if you encounter a message that reads This doesn't look right error after you enter the code, make sure that the time on your device or Google Authenticator app is syncing correctly. Learn how to correct the time on your device or Google Authenticator app.

After completing the 2FA process when logging in, you can choose your preference for how often you'll be prompted for 2FA:
  • Click Remember me to avoid being asked for 2FA for a short period of time.
  • Click Ask for 2FA every time to force 2FA on your device every time you log in.

If you set up 2FA using the HubSpot mobile app, to access the 2FA prompt during the login process:

  • Open the HubSpot mobile app after entering your login credentials on your desktop, then click Yes for the following prompt:

new login 2FA

  • If you are having trouble seeing the 2FA prompt on the HubSpot mobile app, you can access a verification code the following ways:
    • Tap Use verification code on the the 2FA prompt screen. 
    • On the home screen of the HubSpot mobile app, tap Menu in the bottom navigation menu. Then, at the bottom of the left sidebar, tap the account name. Under Account, tap Two-factor authentication (2FA), then use the code provided to complete 2FA.

Set up a secondary method

After setting up your primary two-factor authentication method, it's strongly recommended to set up a secondary method. A secondary method will allow you to log in to HubSpot if you can't access your primary method or backup codes.

To set up a secondary authentication method:

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, click Security.
  • In the Two-factor authentication section, you'll see your primary 2FA method listed, along with an option to set up your secondary method. Click Text message or Third party security app to set up your secondary method. 
  • Follow the on-screen instructions to finish setting up your secondary method.

Require two-factor authentication for all users

If you're a super admin or have permissions to edit account defaults, you can require every user in the account to use two-factor authentication. 

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, navigate to Account Defaults
  • Click the Security tab.
  • Under Login, select the Require Two-Factor Authentication (2FA) checkbox. 

    account-defaults-require-2fa
  • In the dialog box, click Yes

Please note: once the switch is toggled on, the requirement will only take effect after 24 hours. The 24-hour grace period is for users to set up their two-factor authentication method, if they haven't done so yet. If a user does not set it up after 24 hours, they will be asked to set it up next time they log in to HubSpot.

Once turned on, every user in the account will receive an email and an in-app notification to turn on two-factor authentication in their account.

  • Users who already have set up their two-factor authentication methods will be reminded to generate back-up codes.
  • Users who have not set up their two-factor authentication method can set it up via a CTA in the email or through a prompt in the notification. HubSpot will then guide the user through adding their mobile device to their account. This device will be used for verification each time they log in.

portal-two-factor-authLearn more about what happens when you turn on or require two-factor authentication and SSO at the same time

Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.