On this page

Jump to any section using the links below

Two-factor authentication (2FA) adds an extra layer of security to user accounts by requiring both a password and an SMS verification code during login. This significantly reduces the risk of unauthorized access.

What is two-factor authentication

Two-factor authentication requires users to provide two forms of identification when logging in:

1. Something they know (password)
2. Something they have (a verification code sent via SMS)

Even if someone obtains a user's password, they cannot access the account without the SMS code sent to the user's registered phone number.

Accessing 2FA settings

Go to Account → Users, then click the Two-factor authentication (2FA) tab at the top of the page. Here you can configure default 2FA settings for all users in your account.

Enabling 2FA by default

In the Default two-factor authentication (2FA) settings section, you can set whether 2FA should be activated by default for all new users.

Click Edit default two-factor authentication settings to open the configuration dialog. Set the Activate 2FA field to "Yes" if you want 2FA enabled automatically for new users.

Updating existing users' 2FA settings

When you change the default 2FA setting, you can choose whether to apply the change to existing users:

• Yes - apply to users with inactive 2FA: Updates all users who do not currently have 2FA enabled
• No - only apply to new users: Leaves existing users unchanged

This gives you control over how quickly 2FA is rolled out across your organization.

Confirming changes with password

For security reasons, you must enter your account password to confirm any changes to 2FA settings. This ensures only authorized administrators can modify security configurations.

How 2FA affects user login

When 2FA is enabled, users will need to:

1. Enter their username and password as usual
2. Receive an SMS with a verification code on their registered phone number
3. Enter the verification code from the SMS
4. Complete login

Users must have a valid phone number registered in their user profile for 2FA to work.

Individual user 2FA management

Individual users can also enable or disable 2FA on their own accounts through their profile settings. However, if an administrator has enabled 2FA by default, users cannot disable it without administrator permission.

Best practices for 2FA

To ensure successful 2FA implementation:

• Ensure all users have valid phone numbers registered in their profiles
• Communicate the change to users before enabling 2FA
• Test 2FA with a small group before rolling out to all users
• Ensure users have mobile coverage or access to SMS when logging in
• Have a backup plan for users who may not receive SMS (contact administrator)
• Consider enabling 2FA gradually by starting with administrators and then rolling out to all users

Summary

Two-factor authentication provides essential protection for Hubhus accounts by requiring both a password and an SMS verification code. Enable 2FA by default in the settings, choose whether to update existing users immediately or gradually, and ensure all users have valid phone numbers registered. This significantly improves account security and protects sensitive business data.

Related articles

Managing trusted IP addresses
Security settings - Trusted IP addresses
Configuring data deletion settings
Managing consent declarations
Setting up anonymization rules