Future Requirement to Enable Multi-Factor Authentication (MFA)
Where: This change applies to Lightning Experience, Salesforce Classic, and all Salesforce mobile apps in all editions.
When: The MFA requirement is effective beginning February 1, 2022. The terms of service in the Notices and Licenses Information section of the Salesforce Trust and Compliance Documentation require MFA for direct and SSO logins to Salesforce products as of this date. But we encourage you to begin planning now and implement MFA as soon as possible.
Why: The global threat landscape is constantly evolving, and the types of attacks that can cripple a business and exploit consumers are on the rise. A key part of your security strategy is safeguarding access to your Salesforce user accounts. But used on their own, user credentials don’t provide sufficient protection against threats like phishing attacks, man-in-the-middle attacks, and credential stuffing. That’s where MFA comes in. It’s one of the easiest, most effective ways to prevent unauthorized account access and safeguard your business and your customers’ data.
How: MFA requires users to prove they’re who they say they are by providing two or more pieces of evidence—or factors—when they log in. One factor is something the user knows, such as their username and password combination. Other factors are verification methods that the user has in their possession, such as the Salesforce Authenticator app or a physical security key. By tying logins to multiple, different types of factors, it’s much harder for a bad actor to access your Salesforce environment. To learn more about MFA, watch the How MFA Works to Protect Account Access video.
We’re here to help you get ready for the MFA requirement. To get started, check out the Multi-Factor Authentication Assistant. In Lightning Experience, from Setup, in the Quick Find box, enter MFA, then select Multi-Factor Authentication Assistant.