WatchGuard Blog

Getting Ready for Salesforce MFA Requirement

As the leading customer relationship management platform, Salesforce is an excellent target for hackers looking to make a buck and steal sensitive data from all types of businesses. Recognizing this, Salesforce issued a requirement that takes effect on February 1, 2022, mandating that all customers use MFA to access Salesforce products.

What's the Risk? 

The biggest issue with credentials for many organizations is that their employees reuse the same passwords across many business AND personal accounts. According to Digital Shadows, over 15 billion stolen credentials are available on forums frequented by cybercriminals today. If your employees are like 61% of the population,¹ chances are they are frequently reusing passwords, despite knowing the dangers. What’s the risk? Just look at the Zoom credential stuffing attacks of 2020, in which 500,000 passwords were offered for sale.

With Salesforce, the risk is much higher, since it provides access to the heart of your organization: your customers’ relationship data. 

What the Salesforce Mandate Means for You 

Customers of Salesforce, and any products built on the Salesforce Platform, are contractually obligated to activate multi-factor authentication. Salesforce has announced they will automatically enable MFA on all accounts to help customers meet the requirement starting as early as September 2022. 

Have a third-party MFA already? Salesforce recommends integrating your Salesforce products with that system instead of enabling a Salesforce product's MFA functionality to reduce implementation timelines and minimize costs. 

Setting up AuthPoint to Meet the Salesforce MFA Requirement 

AuthPoint integration with Salesforce is easy and can be accomplished in minutes. Our Salesforce Integration Guide gives you step-by-step instructions for configuring Salesforce, setting up AuthPoint as the IdP, establishing policies, and deploying to your team. You can also find more in our Cybersecurity insights: Salesforce Requires MFA.

What’s more, AuthPoint provides single sign-on capabilities, so you can control access to Cloud applications using multi-factor authentication and a WatchGuard Firebox instead of passwords alone.   

Salesforce Allowed MFA Methods 

The Salesforce MFA FAQ contains plenty of answers about this mandate. One common question, covered in this FAQ, refers to the allowed MFA methods. As we all know, MFA methods that use SMS or email OTPs are easy to bypass and have been exploited in multiple attacks where those methods are still in use. Most recently, in early February, Vodafone Portugal was attacked by the LAPSUS$ group, which used a stolen credential and a SIM swapping technique to defeat SMS OTP.

To the question “Can we use email, SMS, or phone calls as MFA verification methods?”, the answer is categorically no. Push-based authentication is the option that still provides the best balance between user experience and security. 

Are You Still Looking for an MFA Solution? 

WatchGuard's AuthPoint is one of G2 Crowd's top alternatives to Salesforce MFA, so AuthPoint customers are ahead of the game.

Check out our free AuthPoint demo to see the solution in action!