Set up two-factor authentication for your HubSpot login
Last updated: July 25, 2024
Available with any of the following subscriptions, except where noted:
All products and plans |
Typically, logging into HubSpot requires just your username and password. With two-factor authentication (2FA) turned on, logging in requires verification using a separate device, such as your mobile phone. Because logging in with 2FA requires that you have access to a physical device, the risk of a potential intruder gaining access to your account is much lower.
2FA is required for all HubSpot Starter, Professional, and Enterprise accounts, and you will be automatically prompted to set it up when you first log on. However, if you are logging on with a third-party provider such as Google or Microsoft, you will not be prompted to set up 2FA. If you still want to enable 2FA when using Google or Microsoft to log on, complete the steps below.
For free tools accounts, if you want users to log in using two-factor authentication, you must be a super admin or have permission to edit account defaults. Learn more about 2FA.
2FA can be turned on in the HubSpot app, as an SMS text message, or with an authenticator app, such as Google Authenticator, Microsoft Authenticator, or Duo. If you already set up 2FA with Google Authenticator but have switched to a new Android phone, you can transfer Authenticator codes to your new device.
HubSpot provides primary and secondary methods of two-factor authentication to prevent a loss of access to your account due to the loss of a 2FA device. If you lose your 2FA device and do not have secondary methods of 2FA, you can reset your 2FA. The waiting period to reset your 2FA is typically a minimum of 48-72 hours.
Please note:
- The best way to ensure you retain access to your HubSpot account is to set up both primary and secondary methods for your 2FA login. When you set up 2FA, you will be provided with backup codes, which you can download as a PDF and save to your device. The file name is <your userId>_<download timestamp>.pdf. The combination of a primary and secondary 2FA method as well as stored backup codes for recovery will give you the most secure and reliable two-factor authentication setup for your HubSpot account.
- There are different 2FA methods depending on your country or region.
- When logging in with the Office 365 add-in integration, you cannot use the Sign in with Google 2FA method. You must use your HubSpot email and password.
Turn on two-factor authentication for your login
To set up two-factor authentication in HubSpot:
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, navigate to General > Security.
- In the Two-factor authentication section, click Set up two-factor authentication (2FA).
- If you're using a third party security app or you want to enter a code from a text message to secure your login, select the corresponding option and follow the on-screen instructions. If you want to use the HubSpot mobile app on an Android or iOS device for 2FA, click HubSpot mobile app:
- If you haven't already installed the mobile app, you can use your phone's camera app to scan the QR code and download the latest version of the app.
- On your device, you'll finish setting up 2FA:
- You'll be prompted with a notification to continue 2FA setup. Tap the notification to proceed.
- Tap Continue.
- Tap Confirm.
-
-
- Tap Done to complete the setup on your device.
- Back in HubSpot, click Next.
-
- As a last step of the setup process, you'll be provided with 10 backup verification codes. These codes can be used in case you lose your 2FA device. It is highly recommended you download these codes to avoid the 48-72 hour waiting period for a 2FA reset. Save your codes by clicking Print or Download (PDF). If you download the backup codes to your computer, the default name of the PDF is <your userId>_<download timestamp>.pdf. You can rename the file if you want and you should keep the file in a secured location to protect from unauthorized access. If you generate new backup codes, the previously generated backup codes will no longer work.
- Click Next.
- Click Done.
2FA will apply the next time you login to your HubSpot account.
Please note: if you encounter a message that reads This doesn't look right error after you enter the code, make sure that the time on your device or Google Authenticator app is syncing correctly. Learn how to correct the time on your device or Google Authenticator app.
After completing the 2FA process when logging in, you can choose your preference for how often you'll be prompted for 2FA:- Click Remember me to avoid being asked for 2FA for a short period of time.
- Click Ask for 2FA every time to force 2FA on your device every time you log in.
If you set up 2FA using the HubSpot mobile app, to access the 2FA prompt during the login process:
- Open the HubSpot mobile app after entering your login credentials on your desktop, then click Yes for the following prompt:
- If you are having trouble seeing the 2FA prompt on the HubSpot mobile app, you can access a verification code the following ways:
- Tap Use verification code on the the 2FA prompt screen.
- On the home screen of the HubSpot mobile app, tap Menu in the bottom navigation menu. Then, at the bottom of the left sidebar, tap the account name. Under Account, tap Two-factor authentication (2FA), then use the code provided to complete 2FA.
Set up a secondary method
After setting up your primary two-factor authentication method, it's strongly recommended to set up a secondary method. A secondary method will allow you to log in to HubSpot if you can't access your primary method or backup codes.
To set up a secondary authentication method:
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, navigate to General > Security.
- In the Two-factor authentication section, you'll see your primary 2FA method listed, along with an option to set up a secondary method of either 2FA text messages or a third party security app. If you choose 2FA text messages, it is recommended you set up a trusted phone number:
- To add a trusted phone number, in the Trusted Phone Number section, click Add a trusted phone number.
-
- On the Trusted Phone Number screen, type your phone number in the text box.
- Click Next.
- A six-digit code will be sent to the phone number. Type the code in the text box, then click Next.
- A verified screen will appear after you input the six-digit code. Click Done.
- After setting up a trusted phone number, or if you're selecting a third party security app, click Text message or Third party security app. Follow the on-screen instructions to finish setting up your secondary method.
Turn off two-factor authentication for your login
If you have a free tools account, you can only turn off two-factor authentication for your login. All Starter, Professional, and Enterprise accounts will have 2FA enabled without the option of turning it off.
Please note: it is highly recommended that you keep 2FA enabled to protect your account. Because logging in with 2FA requires you to have access to a secondary device, the risk of a potential intruder gaining access to your account is much lower.
To turn off 2FA for your login:
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, navigate to General > Security.
- In the Two-factor authentication section, click Remove [Primary method], and if enabled, Remove [Secondary method].
- In the dialog box, input the 2FA code sent to your primary or secondary method. If you don't have access to either method, but have your backup codes, click Use a backup code. If you don't have access to any of these methods, click Lost your authentication device? to reset your 2FA to regain access to your account. Once you regain access to your account, you can then disable 2FA.
- In the next dialog box, click Turn off.
- After you have turned off your primary and secondary method for 2FA, you will no longer need 2FA to access your account.
Require two-factor authentication for all users
If you're a super admin or have permissions to edit account defaults, you can require every user in the account to use two-factor authentication. 2FA is required for all HubSpot Starter, Professional, and Enterprise accounts.
- In your HubSpot account, click the settings settings icon in the top navigation bar.
- In the left sidebar menu, navigate to Security. Click the Settings & Activity tab at the top.
- Under the Login section, click the Require Two-Factor Authentication (2FA) checkbox.
- In the dialog box, click Yes. When two-factor authentication is turned on, it cannot be disabled in the account.
Please note: once the switch is toggled on, the requirement will only take effect after 24 hours. The 24-hour grace period is for users to set up their two-factor authentication method, if they haven't done so yet. If a user does not set it up after 24 hours, they will be asked to set it up next time they log in to HubSpot.
Once turned on, every user in the account will receive an email and an in-app notification to turn on two-factor authentication in their account.
- Users who already have set up their two-factor authentication methods will be reminded to generate back-up codes.
- Users who have not set up their two-factor authentication method can set it up via a CTA in the email or through a prompt in the notification. HubSpot will then guide the user through adding their mobile device to their account. This device will be used for verification each time they log in.
Learn more about what happens when you turn on or require two-factor authentication and SSO at the same time.