HubSpot Security Check: Quickly Spot Users Without 2FA Enabled

Keeping your HubSpot account secure is crucial, especially when multiple users have access. Two-Factor Authentication (2FA) adds an extra layer of protection, but ensuring everyone on your team has it enabled can be a challenge. A recent HubSpot Community thread highlighted a change that made this process a bit more cumbersome, and we're here to break it down and offer some insights.

The 2FA Visibility Issue

The original poster in the HubSpot Community raised a concern about a change in the user interface. Previously, within Settings → Account Management → Users and Teams, administrators could quickly see a shield icon indicating whether a user had 2FA enabled. This allowed for a fast visual scan to identify users who hadn't yet activated this security measure. This made it easy to quickly review multiple pages of users (typically 100 per page) and identify accounts without 2FA enabled.

However, a recent update removed this indicator from the user index. Now, to check a user's 2FA status, admins must click into each individual user record. This significantly slows down the process, especially for larger teams. As one respondent pointed out, what used to be a quick scan of a few pages has now turned into potentially hundreds of clicks.

The core of the issue is that 2FA status isn't a default HubSpot user property, so it can't be used as a filter in the index. The visual indicator was the only efficient way to perform this security audit.

Potential Workarounds and Considerations

While the original poster requested the 2FA indicator be restored, here are a few things to consider in the meantime:

• Leverage the Security Settings Page: HubSpot does have a dedicated Security settings page. While it doesn't provide the same at-a-glance overview as the previous user index indicator, it's still a valuable resource for managing security settings.
• Internal Communication: Proactive communication with your team is key. Remind users to enable 2FA and provide clear instructions on how to do so.
• HubSpot Ideas Forum: The original poster submitted this as an “Idea” within the HubSpot Community. This is a great way to advocate for feature changes or improvements within HubSpot. Upvote ideas that are important to you!

It’s also worth noting that changes in software interfaces are common. While they can sometimes disrupt established workflows, they often come with other improvements or features. Adapting to these changes and finding alternative solutions is part of managing any software platform.

ESHOPMAN Team Comment

We at ESHOPMAN understand the frustration of losing a quick visual indicator like the 2FA status in the user index. Efficient user management is key, especially when dealing with sensitive customer data in an e-commerce context. We agree that HubSpot should prioritize restoring this functionality or providing an alternative way to quickly audit user security. In the meantime, consider using a dedicated password management tool with 2FA enforcement features across all your business applications.

Ultimately, while we await potential changes from HubSpot, combining proactive communication with available tools is the best approach to maintain a secure HubSpot environment. Remember that security is an ongoing process, not a one-time fix.