Two-factor authentication adds an extra layer of security on top of your username and password when logging into HubSpot by requiring verification of the login through a second linked device, such as an SMS message or Google Authenticator.
Please note: while Google Authenticator is recommended, you can use any QR-based authenticator apps to set up two-factor authentication with HubSpot. The steps to set up a two-factor authentication with another QR-based authenticator app is the same as with Google Authenticator.
How is two-factor authentication more secure?
Because two-factor authentication requires that someone logging into an account has access to a physical object belonging to the account owner only, the risk of a potential intruder gaining access to your account is much lower.
How do I enable two-factor authentication?
HubSpot’s two-factor authentication is only enforced for logins using your HubSpot username and password. It cannot be used if you're using Google to sign into HubSpot.To set up two-factor authentication in HubSpot:
- In your HubSpot account, click your account name in the top right corner, then click Profile & Preferences.
- In the left sidebar menu, click Security.
- In the Two-step verification section, click Set up primary method and follow the on-screen instructions. You’ll need access to the device you intend to use as your other login method (e.g., your mobile phone with SMS or the Google Authenticator app).
- Once two-factor authentication is set up, you'll be prompted to enter a code that is delivered to your device.
Please note: if you see a This doesn't look right error after you enter the code, make sure that the time on your Google Authenticator app is syncing correctly. Learn how to correct the time in your Google Authenticator app.
- After setting up your primary method, click Set up secondary method and follow the on-screen instructions.
Please note: you should enable Google Authenticator as your verification method. Google Authenticator keeps your account and data more secure. SMS verification is more vulnerable to compromise and hijacking than app-based authentication.
What happens if I lose my 2FA device?
If you lose your 2FA device, you will not be able to access your account. Following this, an account reset will take at least 48 to 72 hours. In the event someone fraudulently resets your 2FA, the 48 to 72 hour window gives you time to view the reset notification and alert HubSpot Support of the fraudulent activity.
The best way to ensure you retain access to your HubSpot account is to set up both primary and secondary methods for your 2FA log in, and to generate backup codes. A combination of Google Authenticator verification and stored backup codes for recovery will give you the most secure and reliable two-factor authentication setup for your HubSpot account.
How do I confirm that my team has set up two-factor authentication?
- In your HubSpot account, click the settings icon settings in the main navigation bar.
- In the left sidebar menu, click Users & Teams. If a user has two-factor authentication enabled for their account, you'll see a shield icon next to their email address in your users and teams.
- If the icon's filled in gray, the user has two-factor authentication enabled and has generated a set of backup codes.
- If the shield icon is not filled in, the user has enabled two-factor authentication, but no backup codes have yet been generated.
How do I require all users in my HubSpot account to use two-factor authentication when logging in?
If you want to ensure all users log in to your HubSpot account using two-factor authentication, you must be a Super Admin or have permissions to edit account defaults. If you have those permissions, learn how to update your settings to require all team members in your HubSpot account to use two-factor authentication.
What countries are supported by two-factor authentication?
Two-factor authentication using the Google Authenticator app is supported globally.
When using SMS two-factor authentication, the supported countries are limited to the list of countries in this article, along with any country-specific limitations mentioned in the article. For example, China is not supported by SMS two-factor authentication.
Verification code error: This doesn't look right
If you see a This doesn't look right error after entering your verification code, it may be due to the time set on your device. To make sure that you have the correct time on your device or Google Authenticator app, follow the instructions below for Android or iOS.
- Open the Google Authenticator app.
- In the top right, tap the menu button (three vertical dots).
- Select Settings.
- Select Time correction for codes.
- Select Sync now.
- On the next screen, you'll see a confirmation that the time has been synced. You should now be able to use your verification codes.
- Open the iPhone Settings app.
- Select General.
- Select Date & Time.
- Tap to toggle the Set automatically switch on. If the switch is already toggled on, disable it and then re-enable it.
- You should now be able to use your verification codes.
Can I enable two-factor authentication, required two-factor authentication, SSO, and required SSO at the same time?
Yes. Learn more about what happens when you enable or require two-factor authentication and SSO at the same time.