Salesforce Multi-Factor Authentication July 20, 2021 by Justin Gilmore Thinking in: CRM/AMS, Salesforce What Is It and Why Should You Comply with It? As a nonprofit, you regularly collect and store an enormous amount of digital personal information. Without your donors, members, and volunteers — plus their names, addresses, and other contact information! — you cannot accomplish your mission. You’re already committed to being a good steward of the money you raise, the land you care for, the people you serve; that must also apply to the data you store. Your data is valuable, and protecting it is vitally important. Multi-factor authentication is your best protection with Salesforce. If you’re using Salesforce, you’re already off to a great start with the built-in protections of the platform, and now Salesforce is rolling out new password policy requirements to help its users be good stewards. Every password used in an organization is a security hole. The largest ransomware attacks and corporate data breaches have been caused by compromised passwords for noncritical systems that allowed access to critical systems. (Check out this post from early 2020 for our tip on how to protect your personal accounts from being compromised.) Requiring that you provide both something you know (your password) and something you have (your phone) makes it harder for your passwords to be compromised. That’s the definition of multi-factor authentication, or “MFA.” MFA describes a security feature that requires a user to present two or more “factors,” or pieces of information, to prove their identity when logging in to the system. For example, this might look like logging in to Salesforce with your regular username and password, and then using an app on your phone to confirm your login attempt. This video from Salesforce helps to explain these concepts further: https://www.youtube.com/watch?v=SzfsxtMqygI Starting February 1, 2022, Salesforce will begin requiring customers to activate MFA protections on their accounts. We are encouraging our clients to take action now, and set up the Salesforce Authenticator app to authorize login attempts. (If access to mobile phones is an unreasonable requirement for your Salesforce users, there are alternatives to using the mobile application; this is the default option we’re recommending for all of our clients, though.) Here’s how to get started: Download the Salesforce Authenticator App here:Apple App Store (iOS)Google Play App Store Create a permission set called Multi-Factor Authentication and assign the permissions set to yourself, as shown in this quick video: Share via: Facebook Twitter LinkedIn