Force 2-factor authentication (2FA) for all users to comply with GDPR

Christian

In relation to GDPR we need to ensure that our data is protected the best possible way, and the Hubspot setup right now is that each individual user needs to turn it on. 

I'm suggesting an option for the Admin to turn it on for all users, so that they're forced to have it, just like we have in Salesforce. 

HubSpot updates
Status updated to: Delivered
Jul 15, 2019

Hey everyone! Big news: we've launched the ability to require two-factor authentication to all of our customers. If you're interested in enabling this feature, you can find it in your Account Defaults settings. Please let me know if you have feedback on the feature! We're thrilled we could get this important security functionality into HubSpot for everyone to use to keep themselves safe.

Status updated to: In Beta
Mar 18, 2019

Hey all, we certainly do have a limited beta going for this feature at the moment. If you'd like to be added to the beta, please send me a private message here with your Hub ID, & we'll get you sorted! Thanks.

Jul 11, 2018

Hey everyone, I wanted to drop into this thread & let you know that this is definitely something we hear you on, & something that we want to do our best to solve. Privacy requirements & account security are things that we & our customers take very seriously, as well we should.

 

I did want to let you know that, while we don't have a solution in place for this precise request, we've just added a visual icon that will show you which users in your portal have currently enabled 2FA, & can also let you know whether or not that user has generated any backup codes (something we strongly recommend that they do!) You can see the new icon in the Users & Teams section of your portal settings. If a user has the filled version of the icon, shown below, they've enabled both 2FA & backup codes. If they have an unfilled version of it, they have 2FA but haven't completed backup generation yet. The filled icon is shown below:

 

Settings.png

 

20 Replies
JosieSA
Contributor

This is a critical requirement now. especially as companies are being targeted by hackers and having thier data held to ransom. 

This feature should be an account-wide setting. 

 

Please Hubspot - this is quite urgent! 

Cath
Member

Agreed- this is an important one! 

richardhh
Participant

It would be great to have this as ad admin on / off switch as mandatory for all users on an account. Best,
Richard

smoly1
Member

Agreed.  This would be very useful tool and help with compliance.  Should be standard.

rvossen86
Member

Absolutely necessary in today's world!

Momenta
Contributor

 Yes, we need the same due to GDPR.

rad
HubSpot Product Team
HubSpot Product Team

Hey everyone, I wanted to drop into this thread & let you know that this is definitely something we hear you on, & something that we want to do our best to solve. Privacy requirements & account security are things that we & our customers take very seriously, as well we should.

 

I did want to let you know that, while we don't have a solution in place for this precise request, we've just added a visual icon that will show you which users in your portal have currently enabled 2FA, & can also let you know whether or not that user has generated any backup codes (something we strongly recommend that they do!) You can see the new icon in the Users & Teams section of your portal settings. If a user has the filled version of the icon, shown below, they've enabled both 2FA & backup codes. If they have an unfilled version of it, they have 2FA but haven't completed backup generation yet. The filled icon is shown below:

 

Settings.png

 

smoly1
Member

Thanks!

 

That is a great start and will be a big win for us and compliance.  Thanks!

tbitops
Member

Indeed, I have to many users accross two different hubspot biz accounts to be chasing down all my staff asking if they've enabled 2FA. I really need a way to force users to setup 2FA upon login if they don't have it.

 

Thanks!!

noah
Participant

Need this also

realinfra-unr
Member

Ditto, really important in todays world

Please update when confirmed or in scheduled release

ojobson
Top Contributor

Your only as strong as your weakest point - this should have been a standard part of 2FA from the outset!

sarahgriffis
Member

Upvote as well!  Definitely a must have. 

DavidCarpenter
Member | Gold Partner

I agree. We have a large client who is requiring 2FA for all users (agency and internal) and we need to be able to force this function without chasing down 30-40 users distributed around the nation.

ojobson
Top Contributor

An email from HubSpot tells me that this feature is about to enter beta testing.

jeffintokyo
Member

Please add us to the beta for this feature as well.

Status updated to: In Beta
rad
HubSpot Product Team
HubSpot Product Team

Hey all, we certainly do have a limited beta going for this feature at the moment. If you'd like to be added to the beta, please send me a private message here with your Hub ID, & we'll get you sorted! Thanks.

yatishm
Top Contributor

I have upvoted this ... And also commenting here to add some pressure :). Agreed, it is a key element to enforce 2FA on all users or even selected number of users. Thanks in advance, Hubspot

nschmitt_stone
Member

Add my upvote as well. Manually verifying users have this enabled and don't turn it off in the future is no fun. I need a way to force compliance with 2FA and in turn verify the company's HubSpot  has compliance with regulatory and contractual security requirements.

Status updated to: Delivered
rad
HubSpot Product Team
HubSpot Product Team

Hey everyone! Big news: we've launched the ability to require two-factor authentication to all of our customers. If you're interested in enabling this feature, you can find it in your Account Defaults settings. Please let me know if you have feedback on the feature! We're thrilled we could get this important security functionality into HubSpot for everyone to use to keep themselves safe.