Technology & Operations
Say it with me: Multi-Factor Authentication.

No, this isn’t the name of some fancy mathematical equation. This is a security protocol most of us use all the time, often without even knowing it. Why is this important to you? Well, if you are using Salesforce, whether it’s Nonprofit Success Pack, Education Cloud, Philanthropy Cloud, or any other cloud, you and your users will be required to log in using Multi-Factor Authentication (MFA) as of February 1, 2022.

Why is this new requirement so important? You only need to look at the local news to see that cyber attacks, malware, and ransomware intrusions are becoming more frequent and that protecting your personal information has become more challenging. In fact, according to the 2021 SonicWall Cyber Threat Report, there has been a 62 percent increase in ransomware globally since 2019, and a 157 percent spike in North America alone. Remember the Colonial pipeline disaster earlier this year? What about the JBS hack that disrupted the global meat market? SolarWinds? You get the point.

So, what is Multi-Factor Authentication? Well, MFA requires two pieces of evidence to prove the person is who they say they are. One factor is something the user knows, like a username or password, and the other is something they have, like a credit card or cellphone number. By requiring multiple, different types of authentications, it becomes much more difficult for intruders to enter your system. If this sounds familiar, it’s because most ATMs and gas stations require a card of sorts (debit, credit) followed by a code (ZIP or pin), and there it is, MFA.

Every business operates differently, and of course Salesforce has taken personalization into account and gives you the option to choose from among three verification methods:

  1. Salesforce Authenticator App
  2. Third-Party TOTP Authenticator App
  3. U2F or WebAuthn Security Key

*An email, text message, or phone call will not be acceptable authenticators as emails are easily compromised and texts/calls are easily intercepted.

How do we get started with implementing MFA you ask? We would recommend you start by:

  • Evaluating which method meets your business requirements
  • Inventorying users, roles, and permissions
  • Identifying your top users and determine the level of effort for your project
  • Planning the rollout, change management, implementation, testing, and user support strategies

Tip: We highly recommend you test MFA in your Sandbox and pilot some testing prior to rollout. We also suggest monitoring MFA usage in addition to collecting and evaluating customer feedback post rollout.

Your clients want to know that their information is safe and secure in your hands, and if you’re on Salesforce, you’re already on the most secure cloud-based CRMs in the world. We all know how difficult it is to regain trust in a product or company once it’s been compromised, so let’s not compromise the safety or trust of your clients, constituents, or partners. Let us help you prepare your business for 2022 and beyond!