If you haven’t already heard, Salesforce recently announced that starting from 1 February 2022, they will require all Salesforce users to use Multi-Factor Authentication (MFA) to use Salesforce products.
While this might sound confusing at first, we at CloudSmiths are here to help you understand what this means for your business and what you need to do to prepare. Ultimately, Salesforce’s move to implement MFA as part of improving security is a good decision.
Here’s everything you need to know about Salesforce implementing Multi-Factor Authentication.
What is Multi-Factor Authentication?
The world around us is changing at a rapid pace, sometimes more rapidly than we realize. As technology evolves and develops, security and protection safeguarding that technology needs to develop with it.
Whenever a major update is made, steps need to be taken to ensure that this new update is protected from potential threats and vulnerabilities. As more and more data is stored in the cloud, the threat of cyberattacks continues to increase and cybersecurity becomes a more serious concern.
Passwords and personal login details no longer provide the protection that they used to, and more robust security is required to protect our data against cyber threats.
Understandably, many people might find this change frustrating, as it’s simply one more thing we need to keep track of on top of everything else, but it’s a necessary change.
Why is Salesforce Implementing MFA?
Salesforce takes the safety of customer accounts and data very seriously. For any business to succeed, the security and confidentiality of customer and business data are vital. Having even one security breach could have irreparable consequences on a business’s operations and image.
The digital landscape is continuously evolving and new threats to online security, such as phishing scams and credential stuffing, are appearing every day.
All Salesforce users need to understand that these cyber attacks could affect anyone, including their business if they are not sufficiently protected. This is especially true as businesses switch to largely remote working environments, making it essential to strengthen their online defences even more.
This is why Salesforce has decided to implement MFA for all users to better safeguard its customers’ accounts and data. MFA is a simple way of preventing any unauthorised access to your accounts while providing better protection than a login and password combination.
Do I Have to Use MFA to Use My Salesforce Products?
Yes. The MFA update affects everyone using the Salesforce platform, and all users will be required to use MFA to access their Salesforce accounts and use their products.
Understandably, you might initially find this change frustrating, as it’s simply one more thing we need to keep track of on top of everything else, but it’s a necessary change that will keep your account sufficiently protected from nasty online hacks and security breaches.
What Do I Need to Do On My Side Regarding MFA?
To satisfy Salesforce’s MFA requirements, you need to select a verification method that is resistant to cyberattacks like phishing. This means that delivering one-time passcodes via text message, email or phone calls will not be accepted.So what methods are accepted then? Any of the following:
So what methods are accepted then? Any of the following:
- Salesforce Authenticator mobile app (available on the App Store® or Google Play™)
- Time-based one-time passcode (TOTP) authenticator apps, like Google Authenticator™, Microsoft Authenticator™, or Authy™
- Security keys that support WebAuthn or U2F, such as Yubico’s YubiKey™ or Google’s Titan™ Security Key
- Built-in authenticators, such as Touch ID®, Face ID®, or Windows Hello™
For your MFA process, you can select any of the above authentication options. It will be up to you to select the one that best suits your business and customer needs.
From 1 February 2022, all Salesforce users will be contractually obligated to use MFA to access Salesforce products and services. Salesforce will assist users before this time by beginning to automatically request MFA for users who log in directly to access Salesforce products (admins will be given the option to disable MFA requests if they are not ready to use it).
However, after February 1st, Salesforce will begin to gradually make MFA a mandatory part of the login process and remove the option to disable it. For each Salesforce product you own, you will receive notice from Salesforce before auto-enablement is activated, and you’ll be given a minimum of six months notice before MFA is enforced.
It might take a bit of adjusting at first, but implementing MFA as Salesforce recommends will ultimately better safeguard and protect your vital business accounts and data from malicious online activity and hackers.