Two-factor authentication for HubSpot portal

I was surprised this wasn't already a feature of HubSpot, especially where our databases are filled with our lead's information. I would like HubSpot to add 2FA to their system. Something we can integrate with Google Authenticator would be ideal. It adds an extra layer of security that we would appreciate. 

HubSpot updates
58 Replies
HubSpot Product Team
HubSpot Product Team

@moodoir yes, it's been released to all HubSpot users at this point. Even though it's no longer in beta, we practice iterative development so feedback is always helpful, and we're likely to make changes/improvements in the future. Feel free to shoot me a message or post here if you have any feedback!

Maurits
Occasional Contributor

@dilloncompton when will we be able to enforce two factor on all new users? 

HubSpot Product Team
HubSpot Product Team

Hi @Maurits,

 

Please see: https://community.hubspot.com/t5/HubSpot-Ideas/Two-factor-authentication-for-HubSpot-portal/idc-p/18...

We have heard the feedback but there is not yet a timeline for this change.

neilw
New Contributor

While I realise I can't enforce 2FA on all users at the moment is it possible to check which users have enabled 2FA?

tb1
New Contributor

to second what neilw is saying - it would really nice to see who has it enabled.

 

It would also be nice for Super Admins to:

  • Be able to force a user to re-enroll (say if they lose their phone and don't have backup codes)
  • Disallow SMS and mandate an authenticator app as a method as the SMS method has been proven to have some vulnerablities. 

Lastly the use of Language which specifies Google Authenticator is confusing to less technical users. Other Authenticator Apps work (Microsoft, Salesforce, Duo). Referring to it as Authenticator App would be less confusing.

 

moodoir
Occasional Contributor

Agree with TB1.

I forgot my phone the other day and it was a 48 hour turnaround time by HubSpot. I had to ask an external admin to register me on my personal email address to get back in. All a bit painful really. There has to be a better back up plan.

 

moodoir
Occasional Contributor

Although having 2FA now available via SMS, our company uses Duo Access Gateway and unfortunately I've just heard this isn't on HubSpot's roadmap. Surely this isn't a big development?

Richards
New Contributor

Ref 2FA

Just to let the forum know we have got fed up waiting for Hubspot to deal with this and have cancelled and are implementing Salesforce who have proper 2FA which we will be operating through OKTA.

I suggest that all of you concerned about security and user managment urgently consider moving away from Hubspot. The cost of not doing so could far outweigh the cost of moving.