Everything You Need to Know About Salesforce’s New MFA Requirement
By Katelyn Stevenson
Data security is one of the highest priorities for any organization, and the confidentiality, integrity, and availability of data are vital. It only makes sense that when choosing a CRM solution, you need one that will take the protection of your data extremely seriously, and Salesforce does just that.
To continue providing top-notch data protection, Salesforce announced on February 2, 2021, that they require all organizations to enable Multi-Factor Authentication (MFA) to enhance your valuable data protection— and by extension, your business and your business and your customers.
What is MFA, and why does Salesforce require it?
MFA is a secure authentication method that requires you to provide your identity by supplying two or more factors or pieces of evidence when logging in. One factor you will always know, like your username and password. The other factors will be verification methods that you will have in your possession, such as an authenticator app or security key. By using these multiple factors, MFA makes it harder for common threats like account hacking, account takeovers, and phishing attacks to succeed.
As technology evolves, so do hackers, and the type of attacks that can cripple your business or exploit your customers are on the rise. Implementing more robust security measures has become extremely important with the transition to remote work and many people using remote work environments. MFA is one of the easiest and most effective ways to safeguard your business and data against these growing security threats.
When is the MFA requirement deadline?
Beginning February 1, 2022, you will be contractually required to use MFA when accessing your Salesforce products, either by logging into the user interface directly or by using single sign-on (SSO). To learn more about MFA and Salesforce’s requirements, you can review the Notices and Licenses Information section of the Salesforce Trust and Compliance Documentation and the MFA content in the applicable Salesforce User Guide.
If you cannot enable MFA for your users by the deadline, your users will still be able to log in for a short period of time. During this time, Salesforce will help any customers who have not automatically enabled and enforce MFA for their users who log in directly to Salesforce organizations. Suppose you do not enable MFA either by yourself or with the help of Salesforce. In that case, you will be out of compliance with your contractual obligations so, you must inform your employees of the change and implement it as soon as you can.
When can I implement MFA?
You can implement MFA any time between now and the deadline. But, it is suggested that if you have not started or still need to finish implementing MFA with your users, do it as soon as possible to protect access to your organization.
To roll out MFA, we suggest you take these actions now:
Enable MFA today by using the MFA Assistant in Setup for step-by-step instructions.
Download the MFA Rollout Pack and share it with your users to spread awareness about the changes and help prepare them for MFA.
Where can I get more information about MFA and the switch?
Moving to MFA will be an extensive and even taxing change for some customers, but with the rise in cyberattacks, the move to implementing MFA is critical to keeping your business safe.