With 2FA enabled, logging into HubSpot requires verification using a separate device, like your mobile phone, reducing the risk of unauthorized access to your account.
Please note:
- To secure access to your HubSpot account, set up both primary and secondary 2FA methods. Download and save the backup codes provided during 2FA setup as a PDF named backupCodes.pdf. This combination of methods and stored backup codes provides the most secure and reliable two-factor authentication setup for your HubSpot account.
Turn on two-factor authentication for your login
To set up two-factor authentication in HubSpot:
- In your HubSpot account, click the settings icon in the main navigation bar.
- In the left sidebar menu, click Security.
- In the Two-factor authentication section, click Set up two-factor authentication (2FA).
Choose the appropriate option to secure your login: a third-party security app or a text message code. Alternatively, select the HubSpot mobile app for 2FA on Android or iOS devices.:
- If you haven't already installed the mobile app, you can use your phone's camera app to scan the QR code and download the latest version of the app.
- On your device, you'll finish setting up 2FA:
- You'll be prompted with a notification to continue 2FA setup. Tap the notification to proceed.
- Tap Continue.
- Tap Confirm
- Tap Done to complete the setup on your device.
- Back in HubSpot, click Next.
- To avoid the waiting period for a 2FA reset, download and save the 10 backup verification codes provided during setup by clicking Print or Download (PDF). If you generate new backup codes, the previously generated ones will no longer work.
- Click Next.
- Click Done.
2FA will apply the next time you login to your HubSpot account. After completing the 2FA process when logging in, you can choose your preference for how often you'll be prompted for 2FA:
- Select the "Remember me" option to temporarily bypass the 2FA prompt for a short period of time..
- Select the option "Ask for 2FA every time" to enable two-factor authentication on your device each time you log in, ensuring an added layer of security.
Set up a secondary method
It is highly recommended to set up a secondary method after establishing your primary two-factor authentication. Having a secondary method will enable you to log in to HubSpot even if you are unable to access your primary method or backup codes.
To set up a secondary authentication method:
- In your HubSpot account, click the settings icon in the main navigation bar.
- In the left sidebar menu, click Security.
- In the Two-factor authentication section, you'll see your primary 2FA method listed, along with an option to set up a secondary method of either 2FA text messages or a third party security app. If you choose 2FA text messages, it is recommended you set up a trusted phone number:
- To add a trusted phone number, in the Trusted Phone Number section, click Add a trusted phone number.
- On the Trusted Phone Number screen, type your phone number in the text box.
- Click Next.
- A six-digit code will be sent to the phone number. Type the code in the text box, then click Next.
- A verified screen will appear after you input the six-digit code. Click Done.
- Once you have successfully set up a trusted phone number or selected a third-party security app, you can proceed by clicking on either "Text message" or "Third-party security app". Follow the instructions provided on the screen to complete the setup of your secondary authentication method.
How do I confirm that my team has set up 2FA?
You must be a super admin or have permissions to edit account defaults to require and confirm 2FA setup for your team.
- In your HubSpot account, click the settings icon in the main navigation bar.
- In the left sidebar menu, click Users & Teams. If a user has two-factor authentication turned on for their account, a shield icon will display next to their email address in your users and teams.
- If the icon is dark, the user has two-factor authentication turned on and has generated a set of backup codes.
- If the icon is not filled, the user has turned on two-factor authentication, but no backup codes have been generated.