Set up two-factor authentication for your HubSpot login

Last updated: November 12, 2018


Two-factor authentication adds an extra layer of security on top of your username and password when logging into HubSpot by requiring verification of the login through a second linked device, such as an SMS message or Google Authenticator.

How is two-factor authentication more secure?

Because two-factor authentication requires that someone logging into an account has access to a physical object belonging to the account owner only, the risk of a potential intruder gaining access to your account is much lower. 

How can I enable two-factor authentication? 

First, keep in mind that HubSpot’s two-factor authentication is only enforced for logins using your HubSpot username and password. It cannot be used if you're using Google to sign into HubSpot.

To set up two-factor authentication in HubSpot:
  • In your HubSpot account, click your account name in the top right corner, then click Profile & Preferences.
  • In the left sidebar menu, click Security.
  • In the Two-step verification section, click Set up primary method and follow the on-screen instructions. You’ll need access to the device you intend to use as your other login method (e.g., your mobile phone with SMS or the Google Authenticator app). 

  • Once two-factor authentication is set up, you'll be prompted to enter a code that is delivered to your device. 
  •  After setting up your primary method, click Set up secondary method and follow the on-screen instructions. 

Please noteyou should enable Google Authenticator as your verification method. Google Authenticator keeps your account and data more secure. SMS verification is more vulnerable to compromise and hijacking than app-based authentication. If possible, enable both a primary and secondary method, and make sure to set up and download your backup codes. A combination of Google Authenticator verification and stored backup codes for recovery will give you the most secure and reliable two-factor authentication setup for your HubSpot account.

If you lose all of your two-factor authentication methods, you won't be able to access your account until HubSpot Support resets your two-factor authentication. This can take up to 72 hours. 

Confirm that your team has set up two-factor authentication

You can see which members of your team have set up two-factor authentication:

  • In your HubSpot account, click the settings icon settings in the main navigation bar.
  • In the left sidebar menu, click Users & Teams. If a user has two-factor authentication enabled for their account, you'll see a shield icon next to their email address in your users and teams
    • If the icon's filled in gray, the user has two-factor authentication enabled and has generated a set of backup codes. 
    • If the shield icon is not filled in, the user has enabled two-factor authentication, but no backup codes have yet been generated.


What countries are supported by SMS two-factor authentication?

Two-factor authentication using the Google Authenticator app is supported globally. When using SMS two-factor authentication, the supported countries are limited to the list below: 

  • Argentina
  • Austria
  • Australia/Cocos/Christmas Island
  • Belgium
  • Brazil
  • Bulgaria
  • Canada
  • Chile
  • China
  • Colombia
  • Costa Rica
  • Czech Republic
  • Cyprus
  • Denmark
  • Estonia
  • Finland/Aland Islands
  • France
  • Germany
  • Greece
  • India
  • Ireland
  • Israel
  • Italy
  • Japan
  • Latvia
  • Lithuania
  • Luxembourg
  • Malta
  • Mexico
  • Netherlands
  • New Zealand
  • Norway
  • Panama
  • Peru
  • Poland
  • Portugal
  • Romania
  • Singapore
  • Slovakia
  • South Africa
  • South Korea
  • Spain
  • Sweden
  • Switzerland
  • United Kingdom
  • United States