HubSpot Ideas

dmurphy

Two-factor authentication for HubSpot portal

I was surprised this wasn't already a feature of HubSpot, especially where our databases are filled with our lead's information. I would like HubSpot to add 2FA to their system. Something we can integrate with Google Authenticator would be ideal. It adds an extra layer of security that we would appreciate. 

HubSpot Updates
February 07, 2020 08:36 AM

Hey all! I wanted to update on this thread to solicit some feedback around a new 2FA development we're currently rolling out. It will allow admins on an account to assist their users with getting their 2FA removed, & not require contacting the HubSpot support team. Currently, this functionality is available only for users who are on one HubSpot account. If you'd like to try this new functionality, please shoot me a direct message including your hub ID, & I can get you set up.

March 29, 2018 05:06 AM

Hi @Maurits,

 

Please see: https://community.hubspot.com/t5/HubSpot-Ideas/Two-factor-authentication-for-HubSpot-portal/idc-p/182655/highlight/true#M15333

We have heard the feedback but there is not yet a timeline for this change.

March 28, 2018 01:35 PM

@moodoir yes, it's been released to all HubSpot users at this point. Even though it's no longer in beta, we practice iterative development so feedback is always helpful, and we're likely to make changes/improvements in the future. Feel free to shoot me a message or post here if you have any feedback!

March 22, 2018 09:05 AM

@moodoir no problem! We do hope to provide SSO functionality in the future, just no concrete timelines yet!

March 22, 2018 06:11 AM

@moodoir There is a separate thread for SAML authentication on the ideas forum already (https://community.hubspot.com/t5/HubSpot-Ideas/SAML-authentication/idi-p/20389), and we look at it as a pretty distinct feature from 2FA. We have heard the feedback for SSO, but don't have specific plans/timelines we can share. 

March 21, 2018 03:46 PM

@tonyhunter it is not currently possible to require your users to use two factor authentication. We have heard this feedback during the beta, and will likely support it in the future.

Re: Two-factor authentication for HubSpot portal - changed to: Delivered
March 21, 2018 11:59 AM

I'm happy to be able to announce that two-factor authentication is now available for all HubSpot users. Individual users can enable two-factor authentication by visiting their profile and preferences in their HubSpot account. For more information on getting set up, you can visit our knowledgebase documentation

 

Thanks!

In Beta
November 10, 2017 09:53 AM

July 25, 2017 06:20 AM

Hi @mirshko,


We're actively working on the 2FA feature, but don't yet have a release date to share. We'll update this issue once there is a beta available. 

 

//Dillon

In Planning
May 05, 2017 04:46 PM

60 Replies
kimnguyen
Contributor | Diamond Partner

Hi, I did not use it myself but apparently https://www.onelogin.com provides something like that.
They are some kind of Password manager.
By connecting to Hubspot through their portal. you can add 2FA authentication 🙂 

komand
Member

Seconding 2FA to protect lead information, but also our sensitive third-party credentials (social accounts, etc). 

dilloncompton
HubSpot Product Team
 
bhennings
Member

I agree with dmurphy in that I was surprised that there is no good way to implement 2 Factor Authentication. From what I read, OneLogin kind of has 2FA, but it learns your patterns and once you keep logging in to the same computer, it doesn't ask for a second authentication. The owner of the company I work for wants me to tighten down all our systems with 2FA and Hubspot is the only one I can't do this with. Even if there was a way to restrict access to Hubspot from a certain IP range would be much better than the current format. I hope the Planning phase doesn't take too long or we may have to find a different platform that we can make more secure.

mirshko
Participant

@dilloncompton Whats the status on implementing this?

dilloncompton
HubSpot Product Team

Hi @mirshko,


We're actively working on the 2FA feature, but don't yet have a release date to share. We'll update this issue once there is a beta available. 

 

//Dillon

turnepf
Member

I'll pile on to this thread. I'd love to have 2FA (preferably using generic methods so I don't have to use Google, and not text either). It would be great since someone hacking my Hubspot account and messing with my website is a scary thought. Thanks for working on this and I'm happy to be a beta tester. 

nflaherty
Participant

 We store 100's of thousands of contacts who all trust us with their personal data. We take security extremely seriously and are fearful of the fact that this basic security functionality puts that data at potential risk. Giving this a massive upvote.

Anonymous
Not applicable

upvote +1000.

Chris1
Member

I concur. I'm just evaluating now but I couldn't put all my data in one place and then leave it insecure. Zoho and others have this feature now. I really like the look of HubSpot that lack of 2FA would be a dealbreaker for me.

mrmattwright
Member

Upvoting this too....I just enabled 2 Factor for Gmail as part of our readiness for GDPR, so until this feature is added to hubspot I'm not sure we can use it, which is a shame because our salespeople really wanted this as a solution. 

robsoninc
Member

Every other tool our team uses has 2FA. C'mon, it shouldn't have taken this long to still not have a resolution.

James_NYC
Member

2FA is definitely needing to at least partially safeguard this sensitive information. 

 

What are your plans for implmenting it in 2017-18?

Richards
Member

Not only do we need at least 2FA but single sign on would almost be mandatory. WIth GDPR here in Europe imminent the abilty to protect customer data by ensuring that all views are recorded and who is viewing will be a mandatory requirement for companies in complying with GDPR

Richards
Member

I agree, Hubspot are dragging their feet on security. All our data is at risk if they dont fix this. Not only should they be looking at 2FA but also single sign on.

Hubspot appear to offer Google Identity Platform, however this is not a platform that offers the security and glanurality that is need to truly secure data. Not only do we need to control access we need to know what data has been compromised. Hence what is really needed is single sign on through something like OKTA so that you can limit access to VPN or specific IP.

 

Come on Hubspot join the 21st Century!!

jackea
Member

100% AGREE with all comments regarding GDPR compliance in users. 2fA for HubSpot isn't a nice-to-have feature - it's going to be an essential security measure for some companies in the near future.

This NEEDS to be rolled out ASAP. This Idea was first raised 7 months ago and look how much demand there is for it.

CC: @dilloncompton

Richards
Member

Not only do we need 2FA and SSON but the admin in Hubspot needs the ability to:

 

1. Force reset an account by removing the existing password and then sending a temp password. The existing arrangment is not fit for purpose as it is up to the user to apply a new password. 

2. The only way to deal with the above is to delete the account but that means an admin nightmare to re-allocate the accounts.

 

Unless anyone out there knows different.

 

I have reported Hubspot to the UK Info commisioners office as I believe that Hubspot cannot offer the proper security under safe harbour. I await the reply from the ICO

dilloncompton
HubSpot Product Team
 
Richards
Member

Hi Dillon

 

How do we get on the beta program, love to help.

 

Richard

TheOtakuBox
Member

No 2FA is incredibly insecure. And not via SMS either, which has known security flaws. App-based, like Authy.