Security News > 2022 > January > Salesforce mandates MFA by default

This change has profound implications: customers unable to implement MFA across their access by the set date can continue to use Salesforce without MFA at their own risk.

Thales statistics suggest that 90 per cent of cyberattacks utilise compromised credentials in some way, which if correct implies that failing to implement MFA on Salesforce is potentially shifting responsibility for almost all cyberattacks involving the service.

Yet the technology to defend accounts has been available for years in the form of MFA authentication apps, hardware tokens, and password-free options, all of which are supported by Salesforce.

Of course, telling organisations to implement MFA and that happening are not the same thing which is presumably why Salesforce gave customers 11 months' notice of the need to comply.

For these customers, rolling out Salesforce MFA could be a matter of expanding what they're already doing.

"The main priority for Salesforce customers will be to implement MFA for Salesforce. But they shouldn't stop there and should ideally do an assessment of which other applications and users they might need to protect this way," recommends Bethlehem.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/07/salesforce_mandates_mfa_by_default/