Salesforce MFA - Required February 1, 2022

Salesforce Multi-Factor Authentication (MFA) Requirements

I am sure that you have heard that Salesforce will require MFA for their Salesforce products as of February 1, 2022. This change applies to Lightning Experience, Salesforce Classic (for those of you that are holding on to Classic), and all Salesforce mobile apps in all editions. I know 2022 seems like a long way off, so you might not need to do anything right now. However, now is the time to get a plan in place.

Salesforce is requiring MFA because the global threat landscape is constantly evolving, and the types of attacks that can cripple a business and exploit consumers are on the rise. Using only a username and password to log in is not sufficient protection against threats. MFA is the most efficient and easiest way to prevent unauthorized account access and safeguard your business and customer’s data.

MFA requires users to prove who they are. Username and password (which should be changed on a regular basis) will still be required, plus another factor that the user has in their possession. The other factor can be the Salesforce Authenticator app accessed through their cell phone; a Third-Party TOTP Authenticator App such as Google Authenticator, Microsoft Authenticator or Authy; or U2F Security key such as Yubico’s YubiKey or Google’s Titan Security Key. This kind of security makes it much harder for bad actors to access your Salesforce environment.

Here are several tools Salesforce has created to get you started.