Making complex systems easily accessible and usable is essential for a quality user experience. Any platform is constantly challenged with the balance between easy login options and substantial security barriers. Salesforce has made a decision affecting all users. Beginning February 1, 2022, Salesforce will require customers to use Multi-Factor Authentication (MFA) to access Salesforce products.
Increased risk of cyber attacks and hacking attempts
With the substantial increase of working-from-everywhere location in the covid pandemic and the increased risk of cyber attacks and hacking attempts, Salesforce has chosen a path towards a mandatory login protocol to improve safety
MFA for every login
All internal users who log in to Salesforce products (including partner solutions) through the user interface must use MFA for every login. Salesforce encourages organizations to start planning for this change now, and where possible, begin implementing MFA. Salesforce motivates the choice for a mandatory MFA for all users in the following statement:
"A key part of your security strategy is safeguarding access to your Salesforce user accounts. On their own, usernames and passwords no longer provide sufficient protection against cyberattacks. That's where MFA comes in. It's one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers' data. We require customers to implement MFA to help mitigate the risks stemming from threats like phishing attacks, credential stuffing, and compromised devices."
Single Sign-On and MFA
To ensure that MFA is required for all your Salesforce users, you can turn it on directly in your Salesforce products or use your Single Sign-On (SSO) provider's MFA service. If your SSO system uses MFA, you don't need to enable Salesforce's MFA for users who access your Salesforce products solely through SSO.
Trust and compliance
As mentioned above, the MFA requirement goes into effect on February 1, 2022. Salesforce states that the terms of service in the Notices and Licenses Information section of the Salesforce Trust and Compliance Documentation have been updated to require the use of MFA for direct and SSO logins to a Salesforce product's user interface.
Need help in switching to MFA? Gen25 can provide easy support.
As a Salesforce summit partner with extensive experience, Gen25 can provide you with the support you need to make the switch to Multi-Factor Authentication. Do you want a check if your Salesforce org is still up to date on this topic or any other topic? We have several opportunities for a review of your Salesforce org. Please send us a message with your question.