Multi-Factor Authentication – Added Protection for your Salesforce Org
What Is MFA and Why Is It Important?
Usernames and passwords alone don’t provide sufficient safeguards against unauthorized account access. Multi-factor authentication (MFA) adds an extra layer of protection against threats like phishing attacks, credential stuffing, and account takeovers.
How Does Multi-Factor Authentication Work?
MFA requires users to prove they’re who they say they are by providing two or more pieces of evidence – or factors – when they log in. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has, such as an authenticator app or security key.
Salesforce offers simple, innovative MFA solutions that provide a balance between strong security and user convenience.
MFA Verification Methods for Salesforce
MFA adds an extra authentication step to a Salesforce login process.
- The user enters their username and password, as usual.
- Then the user is prompted to provide a verification method.
Salesforce requires users to provide a verification method that’s in their possession. Depending on your Salesforce product, you can allow any or all of the following methods:
- Salesforce Authenticator App
- Third-Party TOTP Authenticator App
- U2F or WebAuthn Security Key
The Salesforce Authenticator mobile app makes MFA easy by integrating it into the login process. It’s simple for users to install and connect to their Salesforce accounts. When a user logs in, they get a push notification on their mobile device. The user taps the notification to open Salesforce Authenticator and sees the following information:
- The action that needs to be approved
- The user who is requesting the action
- The service that is requesting the action
- The device the user is using
- The location from which the request is coming
With this information, the user can quickly and confidently approve or deny the authorization request. They can also automate the extra authentication step when working from a trusted location.
If the user’s mobile device doesn’t have connectivity, they can still log in using six-digit TOTP codes generated by Salesforce Authenticator.
Third-Party Authenticator Apps
Salesforce supports the use of third-party authenticator apps that generate temporary codes based on the OATH time-based one-time password (TOTP) algorithm (RFC 6238). To log in using this type of verification method, the user gets a code from a TOTP authenticator app, then enters that code during the Salesforce login process.
TOTP authenticator apps can generate codes even if the user’s phone doesn’t have a data or internet connection.
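The following added example (not Salesforce's code) shows why a TOTP app needs no connection: the code depends only on a shared secret and the clock, per RFC 6238. The `verify` helper, its drift window and its replay check are illustrative assumptions about a server-side policy, and the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # six-digit codes, as the text describes
SECRET = b"12345678901234567890"  # RFC 6238 Appendix B test secret, not a real key


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """Code for the time step containing Unix time `at` (HMAC-SHA1 variant)."""
    counter = int(at // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, at, last_used_step=-1, window=1):
    """Return the matched time step, or None if the code is rejected.

    Assumed server-side policy: tolerate +/- `window` steps of clock drift,
    compare in constant time, and reject any step already used (replay).
    """
    current = int(at // STEP)
    matched = None
    for step_no in range(max(0, current - window), current + window + 1):
        expected = totp(secret, step_no * STEP).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            if step_no > last_used_step:
                matched = step_no
    return matched


if __name__ == "__main__":
    code = totp(SECRET, 59)                            # generated with no network access
    print(code)
    print(verify(SECRET, code, 65))                    # one step late, still accepted
    print(verify(SECRET, code, 65, last_used_step=1))  # same code replayed, rejected
```

The caller stores the returned step as `last_used_step` for that user, so a code that was observed in transit cannot be accepted a second time.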
There are many apps available, including free versions.
- Google Authenticator
- Microsoft Authenticator
Security keys are small physical devices that are easy to use because there’s nothing to install and no codes to enter. This is a great option if users don’t have a mobile device or if cell phones aren’t allowed on the premises. Security keys make MFA logins fast.
A user simply:
- Connects their key to the computer.
- Presses the key’s button to verify their identity.
MFA is one of the best ways to enhance login security to protect against common threats. We hope this blog motivated you to add an extra layer of protection to your Salesforce org. Have questions about Multi-Factor Authentication? Feel free to contact ECHO Technology Solutions.