Two-Factor Authentication in HighLevel

Updated: March 19, 2026  |  Author: Bill Stilwell

What Is Two-Factor Authentication in HighLevel?

Two-Factor Authentication (2FA) is a security feature that requires a second form of identity verification beyond the password during login.

After entering the correct password, HighLevel prompts for a time-based one-time code – generated by an authenticator app like Google Authenticator or Authy, or sent via SMS.

2FA is the most effective protection against unauthorized account access – a stolen password alone is not enough to log in when 2FA is active.

How to Enable 2FA in HighLevel

Navigate to the account profile settings – the user profile icon in the top right of the HighLevel interface. Find the Security or Two-Factor Authentication section.

Choose the 2FA method: authenticator app (recommended) or SMS. For the authenticator app method, scan the QR code with the authenticator app and enter the generated code to confirm setup.

Once enabled, every login to that user account requires both the password and the 2FA code. Keep the backup codes generated during setup in a secure location – they are the only recovery method if the 2FA device is lost.

2FA for Agency Security

For agencies managing client sub-accounts, enforcing 2FA on all team members with admin access is a security best practice.

A compromised team member account without 2FA gives an attacker access to every client sub-account the team member can reach.

HighLevel’s per-user 2FA means each team member manages their own 2FA device – the agency cannot centrally manage 2FA devices but can require team members to enable it as part of account access policy.