Salesforce is requiring MFA: Why this matters and what you can do

As sophisticated cyberattacks continue their relentless pursuit towards SMBs and enterprises, companies must prioritize improvements to their cybersecurity infrastructure to better secure their customers, employees, and partners. Username and passwords no longer provide adequate security against the ever evolving landscape of cyberattacks.  

Late last year, Salesforce took a strong and decisive stance, announcing that beginning February 1, 2022, the company will require its customers to enable multi-factor authentication (MFA) to access its products, solutions, and platforms. This requirement complements similar initiatives from other tech giants like Google and Twitter, and most recently the US Government via its Executive Order 14028, which states that by 2024, SMS tokens and push notification authentication apps utilizing one-time passcodes will no longer comply with US government requirements.

Yubico applauds Salesforce’s latest move to enforce MFA and its support for phishing-resistant, FIDO-based security key authentication. With MFA in place, companies like Salesforce are greatly enhancing the security of their customers and platforms, while delivering a positive user experience.

Salesforce’s requirement will significantly accelerate the adoption of strong and modern hardware authentication across the globe and better secure hundreds of thousands of customers and companies against cyber threats that can cripple businesses.

According to Ian Glazer, Senior Vice President of Identity Product Management at Salesforce, “At Salesforce, trust is our number one value, and protecting customer data is paramount. Driving adoption of strong MFA, the single best thing people and organizations can do to protect their user accounts and data, requires a range of MFA options, such as hardware keys. Through partnership with our customers to spread the use of MFA, we can make it much harder for common threats like phishing and credential stuffing to succeed.

I’m ready to implement MFA, but which one should I pick?

Most traditional (or legacy) MFA methods, such as SMS, one-time passcodes, and mobile authenticator apps, do help prevent cyberattacks—but it is worth noting that not all MFA options are created equal. For example, SMS-based authentication has time and time again been proven to not be effective enough to secure an enterprise. And it is important to note that Salesforce is requiring the use of strong MFA methods and not allowing email or SMS-based one-time passwords.

Moving to modern FIDO-based (U2F/FIDO2/WebAuthn) authentication allows an organization and their users to achieve phishing-resistant MFA. Physical security keys, like the YubiKey, allow organizations to meet the most stringent of cyber security requirements for authentication, while being extremely user friendly—a simple touch to the YubiKey is all that is needed to authenticate identity and provide secure access. 

These hardware-based security keys are highly secure and fully comply with Salesforce’s MFA requirements. They work across all devices and operating systems to enable secure login to hundreds of online services and applications (without needing network service or batteries), to help eliminate nearly all account takeover risks. 

Choosing the right YubiKey for my business

Whether your business is an enterprise with a complex hybrid IT environment or a cloud native SMB, Yubico has the right key to protect your infrastructure and employees. The YubiKey 5 Series offers multi-protocol security keys in a full range of form factors and the YubiKey 5 FIPS Series is designed to meet all compliance and regulatory requirements. 

If you are looking to support your organization at scale, YubiEnterprise Subscription offers flexible purchase options and in today’s remote and hybrid working environments, YubiEnterprise Delivery  gets YubiKeys to your employees regardless of location.

To find out which YubiKey is the best fit for your organization, visit https://www.yubico.com/quiz/ 

We remain committed to providing the best in class solutions to make the internet a safer place for everyone, from consumers to SMBs to large enterprises. 

——–

To learn more about adding MFA to secure your Salesforce account with your YubiKey, see here

Talk to our teamTalk to our team

Share this article:


  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST
  • 2025 Global State of Authentication survey: A world of difference in cybersecurity habitsIn a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving. Bad actors, now supercharged with artificial intelligence (AI), are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises. […]Read moreGlobal State of Authenticationsurvey
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreYubiKey