Multi-factor Authentication In Salesforce
User credentials are frequently handled insecurely. Employees reuse them repeatedly, and single-factor authentication offers no second line of defense once a password is exposed. The result has been billions of dollars stolen and massive data breaches that take months, sometimes years, to recover from.
As a result, implementing a safer, smarter, and user-friendly solution is critical. Multi-factor authentication is one of the simplest and most effective methods for protecting your data and preventing unauthorized account access.
What is Multi-factor Authentication?
Multi-factor Authentication (MFA) is an authentication system that validates a user’s identity using two or more distinct procedures rather than just a username and password combination. This verification is frequently accomplished by using an authenticator app’s One-Time Passcode (OTP) or a “push” from the authenticating service.
MFA helps enterprises defend against identity theft, cyberattacks, and data breaches by preventing unauthorized access to apps and sensitive data.
Why is Salesforce requiring MFA?
The global threat landscape is continually changing, and the types of attacks that can cripple a firm and harm its customers are becoming more prevalent. Salesforce recognizes that maintaining the confidentiality, integrity, and availability of each customer’s data is critical to their success, and they take data security seriously.
As a result, Salesforce announced on February 1st, 2022, that MFA would be enabled for accessing Salesforce data at no extra cost. Users will not be locked out. They will be able to log in for the next 6 months, but after 6 months MFA will be enforced by Salesforce.
MFA Verification Method In Salesforce
When MFA is enabled for Salesforce products, users should complete a verification method in addition to their username and password during the login process.
Salesforce MFA only supports robust verification methods, ensuring that the user is who they claim to be. Salesforce’s Multi-Factor Authentication (MFA) provides four different robust verification techniques.
1. Salesforce Authenticator App: The Salesforce Authenticator mobile app makes MFA simple for users by incorporating MFA into the login process.
2. Third-party TOTP Authenticator app: Salesforce allows third-party authenticator apps to produce temporary codes using the OATH time-based one-time password (TOTP) algorithm (RFC 6238).
- Google Authenticator
- Microsoft Authenticator
3. U2F or WebAuthn Security Key: Security keys are small physical devices that are simple to use because they don’t require any installation or entry of codes. This is an excellent solution if users don’t have access to a mobile device or if cell phones are prohibited on the premises.
- Yubico’s YubiKey
- Google’s Titan Security Key
4. Built-In Authenticators: Built-in authenticators leverage a device’s biometric reader, such as a fingerprint, iris, or facial recognition scanner, to validate a user’s identity. In certain circumstances, built-in authenticators use a PIN or password that the user creates with their device’s operating system to confirm a user.
- Windows Hello
- Touch ID
- Face ID
Let’s look at the advantages and drawbacks of each type of verification method available in Salesforce solutions.
| Criteria | Salesforce Authenticator App | Third-party TOTP Authenticator App | U2F or WebAuthn Security Key | Built-In Authenticators |
| --- | --- | --- | --- | --- |
| Description | Users may effortlessly link their Salesforce accounts with this smart and simple mobile app. | Apps use the OATH TOTP method to create unique temporary verification codes. | Public key cryptography is implemented on a physical device. | Confirm identity with a PIN or password and a fingerprint, iris, or face recognition scan. |
| Form Factor | iOS and Android mobile apps | Apps are available for multiple operating systems. | USB, Lightning, and NFC devices that support the U2F and WebAuthn standards. | Available via the device’s built-in authentication service (Windows Hello™, Touch ID®, Face ID®, and so on). |
| Cost | Free | Free and paid options | Starts at approx. $20 | Starts at approx. $25 for biometric devices |