When logging in to HubSpot with 2FA you have the option to select 'Don't ask me again on this computer' as you can read here.
HubSpot may still ask you to fill in the code if you use a different browser, a different device, a different network (or VPN), as well as if you clear your browsing cache.
However, there are many examples where you don't change browser, device, network and don't clear you browsing cache.
For security reasons it would be necessary to have HubSpot forge you after a given period of time, to log in with 2FA again.
Agree with the above idea. Admins in the backend should have the option to setup the number of days after which one is asked again for 2FA with 0 being everytime. Not only how it is companies are at risk from users clicking the box, but also Hubspot itself is no 100% complying with GDPR by allowing this
Salesforce users are always asked after a certain amount of time to sign in again using their 2FA. It's crazy that HubSpot does not have this as an option.