Set up two-factor authentication for your HubSpot login
Last updated: March 24, 2026
Two-factor authentication (2FA) adds an essential layer of security to your HubSpot login when you log in with your email and password. When 2FA is turned on, you'll need to complete a second verification step using a separate device, such as a mobile phone, to log in to your HubSpot account. 2FA helps protect your account from unauthorized access, even if your password is stolen.
2FA methods available by subscription
For Starter, Professional, and Enterprise accounts, 2FA is required for all users logging in with a username and password. You'll be automatically prompted to set it up when you first log in and it cannot be turned off.
For HubSpot's free tools accounts, if you want users to log in using 2FA, learn how to require 2FA for all users.
Please note: the available methods for setting up 2FA may vary depending on your HubSpot subscription level and country or region. 2FA using the Google Authenticator app is supported globally. The countries that support SMS 2FA are the same as the supported countries for calling.
| | HubSpot's Free Tools | Starter | Professional | Enterprise |
| --- | --- | --- | --- | --- |
| Passkeys | ✓ | ✓ | ✓ | ✓ |
| Authenticator app | ✓ | ✓ | ✓ | ✓ |
| SMS message | - | ✓ | ✓ | ✓ |
Understand limitations and considerations
- While SMS text message 2FA is available for Starter, Professional, and Enterprise accounts, HubSpot recommends using a passkey or authenticator app for stronger security.
- When logging in with the Office 365 add-in integration, you cannot use the Sign in with Google 2FA method. You must use your HubSpot email and password.
- If you're logging in with a third-party provider such as Google or Microsoft, you will not be automatically prompted to set up 2FA. If you still want to turn on 2FA when using Google or Microsoft to log in, complete the steps below.
- HubSpot offers primary and secondary 2FA methods. This helps you keep access to your account if you lose your 2FA device. The best way to ensure you retain access to your HubSpot account is to set up both primary and secondary methods for your 2FA login.
- When you set up 2FA, you'll be provided with backup codes, which you can download as a PDF and save to your device. The file name is <your userId>_<download timestamp>.pdf. This combination of a primary and secondary 2FA method, as well as stored backup codes for recovery, will give you the most secure and reliable 2FA setup for your HubSpot account.
- If you have already set up 2FA with Google Authenticator but have switched to a new Android phone, you can transfer Authenticator codes to your new device.
Set up 2FA for your account
To set up 2FA in HubSpot:
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, navigate to General > Security.
- In the Two-factor authentication (2FA) section, click Set up two-factor authentication (2FA).
- On the Two-factor authentication page, select from the following methods:
  - Passkey: log in using biometrics, Face ID, or a device pin. Learn how to set up passkeys.
  - Authenticator app: enter a one-time code using a third party authenticator app.
  - SMS: enter a one-time code from a text message.
- To set up 2FA using an authenticator app or SMS, follow the on-screen instructions to set up the third party app or phone number. In HubSpot, click Next.
- Enter the code provided by your authentication method. Click Next.
Please note: if you encounter a This doesn't look right error after entering your verification code, make sure that you have the correct time on your device. Review the instructions for Samsung, Google, and iOS devices to learn more about how to sync the time on your device correctly.
- Save your backup codes by clicking Print or Download PDF. These codes can be used to log in if you lose your 2FA device.
- If you download the backup codes to your computer, the default name of the PDF is <your userId>_<download timestamp>.pdf. You can rename the file if you want and you should keep the file in a secured location to protect it from unauthorized access.
- If you generate new codes, the previously generated backup codes will no longer work.
- Click Next.
- Click Done or add a secondary 2FA method. 2FA will apply the next time you log in to your HubSpot account.
- Click Remember me to avoid being asked for 2FA for 28 days.
- Click Ask every time to always prompt for 2FA every time you log in.
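
The "This doesn't look right" note above comes down to how authenticator-app codes are derived from the clock. The sketch below is an added example, not HubSpot's code: it implements standard TOTP (RFC 6238, the scheme Google Authenticator uses) and shows a correct code being rejected once the phone's clock drifts outside the verifier's tolerance. The ±1 step window, the key, and the timestamps are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample data: the shared secret is the published RFC 4226 test key,
# and the Unix times below are toy values chosen to match its test vectors.
KEY = b"12345678901234567890"
STEP = 30    # seconds per code (RFC 6238 default, used by Google Authenticator)
DIGITS = 6

def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238: the counter is the number of whole steps since the epoch."""
    return hotp(key, unix_time // STEP)

def verify(key: bytes, code: str, server_time: int, window: int = 1):
    """Return the step offset at which the code matched, or None if rejected.

    window=1 (accept the previous, current and next step) is an assumed
    tolerance for illustration, not a documented HubSpot setting.
    """
    current = server_time // STEP
    for offset in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, current + offset), code):
            return offset
    return None

def login_with_drift(drift_seconds: int, server_time: int = 105):
    """Simulate a phone whose clock is off by drift_seconds from the server."""
    code = totp(KEY, server_time + drift_seconds)
    return verify(KEY, code, server_time)

if __name__ == "__main__":
    for drift in (0, -40, 120):
        result = login_with_drift(drift)
        status = "rejected" if result is None else f"accepted (step {result:+d})"
        print(f"drift {drift:+4d}s -> {status}")
```

A phone 40 seconds slow still lands inside the assumed window, while one two minutes fast produces a code the verifier never checks against, which is why syncing the device time resolves the error.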
Set up a secondary 2FA method
After you've set up your primary 2FA method, it's strongly recommended to set up a secondary method. A secondary method will allow you to log in to HubSpot if you can't access your primary method or backup codes.
To set up a secondary authentication method:
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, navigate to General > Security.
- In the Two-factor authentication (2FA) section, you can view your primary 2FA method listed, along with an option to set up a secondary method of either 2FA SMS messages or a third party authenticator app. If you choose 2FA SMS messages, it is recommended you set up a trusted phone number:
  - To add a trusted phone number, in the Trusted Phone Number section, click Add a trusted phone number.
  - On the Trusted Phone Number screen, type your phone number in the text box.
  - Click Next.
  - A six-digit code will be sent to the phone number. Type the code in the text box, then click Next.
  - A verified screen will appear after you input the six-digit code. Click Done.
- After setting up a trusted phone number, or if you're selecting a third party authenticator app, click Text message or Authenticator app. Follow the on-screen instructions to finish setting up your secondary method.
Reset your 2FA login
If you lose your 2FA device and don't have a passkey, a secondary 2FA method, or backup codes, you'll need to reset your 2FA to regain access to your account. Learn how to reset your 2FA.
Turn off 2FA for your login
For Starter, Professional, and Enterprise accounts, 2FA is required for all users logging in with a username and password. If you have a Professional or Enterprise account where single sign-on is required, or if you're using HubSpot's free tools, you can turn off 2FA for your login.
Please note: it is highly recommended that you keep 2FA turned on to protect your account. Because logging in with 2FA requires you to have access to a secondary device, the risk of an intruder gaining access to your account is much lower.
To turn off 2FA for your login:
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, navigate to General > Security.
- In the Two-factor authentication section, click Remove [Primary method], and if turned on, Remove [Secondary method].

Please note: as of March 20, 2026, the HubSpot mobile app is temporarily unavailable when setting up 2FA methods. If you've previously set up 2FA with the HubSpot mobile app, you can continue to use this method when logging in. If you remove the HubSpot mobile app as a 2FA method, it can't be re-added. To set up 2FA, you'll need to use a passkey, an authenticator app, or SMS.
- In the dialog box, input the 2FA code sent to your primary or secondary method. If you don't have access to either method, but have your backup codes, click Use a backup code. If you don't have access to any of these methods, click Lost your authentication device? to reset your 2FA to regain access to your account. Once you regain access to your account, you can then turn off 2FA.

- In the next dialog box, click Turn off.
- After you have turned off your primary and secondary methods for 2FA, you'll no longer need 2FA to access your account.
Require 2FA for all users
Permissions required: Super Admin or Edit account defaults permissions are required to ensure all users set up 2FA.
2FA is required for all HubSpot Starter, Professional, and Enterprise accounts without the option of turning it off.
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, navigate to Security.
- On the Login tab, click to toggle the Require Two-Factor Authentication (2FA) switch on.
- In the dialog box, click Yes. When two-factor authentication is turned on, it cannot be turned off in the account.
Please note: once the switch is toggled on, the requirement will only take effect after 24 hours. The 24-hour grace period is for users to set up their 2FA method, if they haven't done so yet. If a user does not set it up after 24 hours, they will be asked to set it up next time they log in to HubSpot.
Once turned on, every user in the account will receive an email and an in-app notification to turn on 2FA in their account.
- Users who have already set up their 2FA methods will be reminded to generate backup codes.
- Users who have not set up their 2FA method can set it up via a CTA in the email or through a prompt in the notification. HubSpot will then guide the user through adding their mobile device to their account. This device will be used for verification each time they log in.
In addition, Super Admins have the ability to send users reminders to set up their 2FA.
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar, navigate to Security > Permissions.
- In the [X] users are not enrolled in two-factor authentication section, click Manage.
- In the right side panel, select the checkbox next to the users you want to send a reminder to. Then, click Next.
- Review the users you selected and click Send.
Frequently Asked Questions
Find answers and general information about 2FA.
What happens if I lose my 2FA device?
If you lose your 2FA device and use the HubSpot mobile app as your only 2FA method, you won't be able to access your account unless you have a secondary 2FA method accessible (e.g. Google Authenticator, backup codes). It is highly recommended that you set up a secondary 2FA method to avoid losing access to your account.
If you can use a secondary 2FA method to log in to your account, you should remove the HubSpot app as a 2FA method until you can access another mobile device. This is to ensure your account security isn't compromised.
To remove the HubSpot app as a 2FA method:
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, click General. Then click the Security tab at the top.
- Under the Two-factor authentication section, click Remove HubSpot app.
- In the dialog box, if prompted, verify your identity. Then, click Turn off.
Do I need to reset 2FA if I uninstall the app or get a new phone?
Yes. If you uninstall the app or get a new phone, follow the steps below based on the 2FA method you chose on your old phone:
- If you use the HubSpot mobile app as your primary 2FA method:
  - Remove the HubSpot app as your 2FA method by following the instructions in the section above.
  - Delete the app from your old mobile device and install it on your new phone.
  - Once you've installed the HubSpot app on your new phone, log in to the HubSpot app using your email address and password.
  - Follow the prompts to set up two-factor authentication on your new device.
- If you use Google Authenticator or a third party app as your primary 2FA method, you can transfer your existing 2FA configuration to your new phone. Learn how to transfer your Google Authenticator configuration to a new Android or iOS phone.
- If your 2FA method is SMS and your new phone has the same phone number as your old phone, you won't need to make any updates. If you're using a new phone number, you can follow these steps to set up 2FA on your new phone number:
  - In your HubSpot account, click the settings icon in the main navigation bar.
  - In the left sidebar menu, navigate to General > Security.
  - In the Two-factor authentication section, click Remove SMS.
  - In the dialog box, click Turn off.
  - Set up 2FA for your new phone number.
How do I access or refresh my 2FA backup codes?
- In your HubSpot account, click the settings icon in the top navigation bar.
- In the left sidebar menu, click General > Security.
- In the Two-factor authentication (2FA) section, click View backup codes.
- In the dialog box, click Print or Download (PDF) to save your backup codes.
- To refresh the backup codes, click Generate new codes in the dialog box. Ten new backup codes will be created, and the previously generated backup codes will no longer work.
How do I turn on 2FA on iOS 15 or later?
If you've set up 2FA using the HubSpot mobile app on an iOS device that's running iOS 15 or later, you may need to edit your focus mode settings to ensure that HubSpot 2FA prompts appear when you're logging in.
First, turn on time sensitive notifications for the HubSpot app:
- Open the Settings app.
- Scroll down and tap the HubSpot app from the list of apps.
- Tap Notifications.
- Click to toggle the Allow Notifications switch on, if it wasn't already turned on.
- Tap to toggle the Time-Sensitive Notifications switch on.

Next, turn on time sensitive notifications in focus mode:
- Open the Settings app.
- Tap Focus.
- Select the relevant focus mode setting that you want to turn on time sensitive notifications for (e.g., Do Not Disturb).
- Under Allowed notifications, tap Apps.
- Under Allowed Apps, tap Add Apps and select the HubSpot app.
- Tap to toggle the Time Sensitive switch on.

Can I turn on and require both 2FA and SSO at the same time?
Yes. Learn more about what happens when you turn on or require two-factor authentication and SSO at the same time.
Can I set up a passkey and use 2FA at the same time?
Yes. If you've set up a passkey and turned on 2FA using an authenticator app or SMS, you'll be prompted to use a passkey before logging in using 2FA authentication methods. If you want to log in with your 2FA methods instead, under Need help?, click Try another method. You'll be prompted to log in with your 2FA method.

