Developer Announcements

HubSpot Employee
HubSpot Employee

Upcoming: Developer accounts will require two-factor authentication for login

HubSpot currently supports two-factor authentication (2FA) for all HubSpot accounts, including developer accounts. Until now, 2FA has been optional, and is enabled from the account settings of any HubSpot account, either for an individual user, or for all users in that account.


However, in an effort to make sure HubSpot developers and their apps are kept safe, we are going to begin requiring 2FA for all users with access to developer accounts. 2FA is the best way to ensure that your account and app are protected from unauthorized access.


What's changing?

Beginning on June 14, developer accounts will start requiring two-factor authentication for all users. If you do not already have 2FA enabled, you will be prompted to set it up being able to access your account.


If you already have 2FA set up, you will be able to login as you normally do.


Please be aware that once two-factor authentication is set up for a user, it will be required for all HubSpot accounts they have access to, including non-developer accounts. This means that once 2FA is enabled, you will be required to provide your verification code when logging into any of your HubSpot accounts.


When is this happening?

This requirement will start rolling out to developer accounts on June 14, and will be in effect for all developer accounts by June 28.


Please see our two-factor authentication help documentation for information on setting up or using 2FA, and please let us know if you have any questions by replying below.

2 Replies 2

Upcoming: Developer accounts will require two-factor authentication for login

Hello, hubspot developers using SSO to enforce 2FA on their accounts are now being forced to use both SSO 2FA in addition to Hubspots mandatory 2FA authentication.


It is not hubspot's responsability to ensure their customers and developers are paracting good security habits. It is the customer and developers responsability to use good security practices and this arbitrary enforcement of a security measure is punishing customers that already follow good security practices by configuring SSO with 2FA. Please stop punishing organizatios with good security practices by requiring multime layers of 2FA.




Upcoming: Developer accounts will require two-factor authentication for login

Hi, enforcing 2FA may be consistent to keep all developer account secure.  However, what is the reason for not allowing 2FA via email as usual? Letting developer opt in to use either mobile based app/SMS or email would be a good approach imho.