Skip to content
Account Settings

Set up two-factor authentication for your HubSpot login

Last updated: June 3, 2022

Applies to:

All products and plans

Typically, logging into HubSpot requires just your username and password. With two-factor authentication (2FA) turned on, logging in requires verification using a second device, such as your mobile phone. Because logging in with 2FA requires that you have access to a physical device, the risk of a potential intruder gaining access to your account is much lower. 

2FA verification can be done through an SMS text message, or with an authenticator app. If you have an iOS device, you can setup 2FA authentication using the HubSpot mobile app. You can also use a third party authenticator, such as Google Authenticator, Microsoft Authenticator, or Duo. If you already set up HubSpot 2FA with Google Authenticator but have switched to a new Android phone, you can transfer Authenticator codes to your new device.

If you lose your 2FA device, check out our guide on resetting your 2FA.

Please note:

  • 2FA is only enforced for logins using your HubSpot username and password. It cannot be used if you're using the Sign in with Google method.
  • 2FA using the HubSpot mobile app is not currently supported for Android devices. You can still perform 2FA authentication using an SMS text message or another authenticator app.

Turn on two-factor authentication for your login

To set up two-factor authentication in HubSpot:

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, click Security.
  • In the Two-factor authentication section, click Set up two-factor authentication (2FA)

set-up-two-factor-authentication

  • If you're using a third party security app or you want to enter a code from a text message to secure your login, select the corresponding option and follow the on-screen instructions. If you have an iOS device and you want to use it for 2FA authentication, click HubSpot mobile app:
    • If you haven't already installed the iOS app, you can use your phone's camera app to scan the QR code and download the latest version of the app.
    • On your device, you'll finish setting up 2FA:
      • You'll be prompted with a notification to continue 2FA setup. Tap the notification to proceed.
      • Tap Continue.
      • Tap Confirm.

confirm-2fa-mobile-authenticator-setup-on-device

      • Tap Done to complete the setup on your device.
    • Back in HubSpot, click Next.
    • Choose your preference for how often you'll be prompted for 2FA verification:
      • Click Remember me to avoid being asked for 2FA authentication for a short period of time.
      • Click Ask for 2FA every time to force 2FA confirmation on your device every time you log in.
  • As a last step of the setup process, you'll be provided with 10 backup verification codes. These codes can be used in case you lose your 2FA device. Save your codes by clicking Print or Download (PDF)

    backup-verification-codes
  • Once 2FA is set up, you'll be prompted to enter a code that is delivered to your device the next time you log in. For example, if you set up 2FA using the HubSpot mobile app on iOS, the prompt will resemble the following:

confirm-2fa-mobile-authenticator-setup-on-device

Please note: if you set up 2FA using the Google Authenticator app and you encounter a message that reads This doesn't look right error after you enter the code, make sure that the time on your Google Authenticator app is syncing correctly. Learn how to correct the time in your Google Authenticator app.

Set up a secondary method

After setting up your primary two-factor authentication method, it's strongly recommended to set up a secondary method. A secondary method will allow you to log in to HubSpot if you can't access your primary method.

To set up a secondary authentication method:

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, click Security.
  • In the Two-factor authentication section, you'll see your primary 2FA method listed, along with an option to set up your secondary method. Click Set up SMS or Set up Google Authenticator to set up your secondary method. 
  • Follow the on-screen instructions to finish setting up your secondary method.

Require two-factor authentication for all users

If you're a Super Admin or have permissions to edit account defaults, you can require every user in the account to use two-factor authentication. 

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, navigate to Account Defaults
  • Click the Security tab.
  • Under Login, select the Require Two-Factor Authentication (2FA) checkbox. 

    account-defaults-require-2fa
  • In the dialog box, click Yes

Please note: once the switch is toggled on, the requirement will only take effect after 24 hours. The 24-hour grace period is for users to set up their two-factor authentication method, if they haven't done so yet. If a user does not set it up after 24 hours, they will be asked to set it up next time they log in to HubSpot.

Once turned on, every user in the account will receive an email and an in-app notification to turn on two-factor authentication in their account.

  • Users who already have set up their two-factor authentication methods will be reminded to generate back-up codes.
  • Users who have not set up their two-factor authentication method can set it up via a CTA in the email or through a prompt in the notification. HubSpot will then guide the user through adding their mobile device to their account. This device will be used for verification each time they log in.

portal-two-factor-authLearn more about what happens when you turn on or require two-factor authentication and SSO at the same time

Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.