Account Settings

Two-factor authentication | Frequently Asked Questions

Last updated: August 18, 2020

Find answers to common questions about HubSpot's two-factor authentication (2FA) methods.

What happens if I lose my 2FA device?

If you lose your 2FA device, you will not be able to access your account. You can request a 2FA reset from a super admin. Alternatively, you can contact HubSpot support to remove 2FA from your account:

  • On the login screen, when prompted for your 2FA login code, click the Lost your authentication device? link.

    hubspot-2fa-login
  • On the page you're redirected to, click the Send email button to send yourself a reset confirmation email.
  • You'll receive an email from HubSpot, asking you to fill out a form with some personal information to help verify your identity. Submit the form with your information.

Following this, an account reset will take at least 48 to 72 hours. In the event someone fraudulently resets your 2FA, the 48 to 72 hour window gives you time to view the reset notification and alert HubSpot Support of the fraudulent activity.

The best way to ensure you retain access to your HubSpot account is to set up both primary and secondary methods for your 2FA login. When you set up 2FA, you will be provided with backup codes, which you can download as a PDF and save to your device. The file name is backupCodes.pdf. A combination of Google Authenticator verification and stored backup codes for recovery will give you the most secure and reliable two-factor authentication setup for your HubSpot account.

How do I confirm that my team has set up two-factor authentication?

  • In your HubSpot account, click the settings icon settings in the main navigation bar.
  • In the left sidebar menu, click Users & Teams. If a user has two-factor authentication enabled for their account, you'll see a shield icon next to their email address in your users and teams.
    • If the icon is blue, the user has two-factor authentication enabled and has generated a set of backup codes.
    • If the icon is grey, the user has enabled two-factor authentication, but no backup codes have yet been generated.

2fa-setting

How do I require all users in my HubSpot account to use two-factor authentication?

If you want to ensure all users log in to your HubSpot account using two-factor authentication, you must be a Super Admin or have permissions to edit account defaults. If you have those permissions, learn how to update your settings to require all team members in your HubSpot account to use two-factor authentication.

What countries are supported by two-factor authentication?

Two-factor authentication using the Google Authenticator app is supported globally.

The countries that support SMS two-factor authentication are the same as the supported countries for calling. Any country-speciific limitations still apply. For example, China is not supported by SMS 2FA.

Verification code error: This doesn't look right

If you see a This doesn't look right error after entering your verification code, it may be because of the time set on your device. To make sure that you have the correct time on your device or Google Authenticator app, follow the instructions below for Android or iOS.

Android

  • Open the Google Authenticator app.
  • In the top right, tap the menu button (three vertical dots).
  • Select Settings.
  • Select Time correction for codes.
  • Select Sync now.
  • On the next screen, you'll see a confirmation that the time has been synced. You should now be able to use your verification codes.

iOS

  • Open the iPhone Settings app.
  • Select General.
  • Select Date & Time.
  • Tap to toggle the Set automatically switch on. If the switch is already toggled on, disable it and then re-enable it.
  • You should now be able to use your verification codes.

Can I enable two-factor authentication, required two-factor authentication, SSO, and required SSO at the same time?

Yes. Learn more about what happens when you enable or require two-factor authentication and SSO at the same time.

/account/two-factor-authentication-faq