Security Updates in the Spring ‘17 Release

By

New year, new resolutions. What a great time to address some of those security concerns for the upcoming year!

With that in mind, we’re introducing updates in the Spring ‘17 release like enhanced two-factor authentication (2FA) verification and faster Lightning Login to make hitting those 2017 #securitygoals a little bit easier. These are important improvements that could really make a difference in your organization’s data security, so trust us on this: you’ll want to keep reading.

Easier, Better Authentication

When your users go to log in to Salesforce, they first encounter a login screen. The login process provides us with an opportunity to authenticate the user (making sure the credentials entered are really being used by the intended person). Because this is such a crucial step in the overall protection of your data, we thought this was a great place to focus our efforts. Starting in Spring ‘17, users will be required to verify their identity when attempting to add two-factor authentication (2FA) methods.

To further protect your organization’s account credentials, anyone who chooses to add a 2FA method will be prompted for identity verification instead of logging in with their username and password. Users can verify their identity using any method that they have access to, including Salesforce Authenticator, verification codes from an authenticator app, U2F security keys and temp codes/one-time passwords.

Simplified Lightning Login

You may remember Lightning Login from Winter ‘17. If you haven’t upgraded to it already, you should.

Why? On top of the convenience of password-free logins, we’ve refined the authentication process to make Lightning Logins faster by allowing users to tap Approve in Salesforce Authenticator on mobile devices that are already unlocked with a fingerprint or PIN. A fingerprint or PIN is no longer required if the device is unlocked or the user has the “Two-Factor Authentication for User Interface Logins” permission enabled. On locked devices, users will still be required to use a fingerprint or PIN to login to the device itself, but will no longer need to provide additional credentials to gain access to the app.

Be sure to encourage all your Lightning Login users to upgrade now to the latest version of Salesforce Authenticator so they can continue logging in password-free! 2FA is built into Lightning Login, saving you the work of managing a separate, redundant 2FA requirement for Lightning Login users. Users can check their current version in the app store on their mobile device.

If you’re eager to up your security game, check out this webinar on How to Become a Security-Minded Admin.

For more information on things you can do to become a Salesforce security expert, check out these awesome resources:

light blue background with navy text "Security Center" and underneath Astro is holding a large key

Security Center: A Single View Into Your Security Controls Across All Your Orgs

In a world with heightened security awareness and digital risks at every corner, Security Center makes it easier than ever to truly understand your Salesforce security posture. With native support for both single and multi-org environments, Security Center provides a single-pane view of the security configuration and controls in place across your entire Salesforce implementation. […]

READ MORE

Multi-Factor Authentication: As Easy as Washing Your Hands!

How many times a day do you wash your hands? If you think this seems like an absurd question, and totally unrelated to security, you’re wrong… kind of. How are security and health connected? Both require good personal hygiene, a concept as familiar as washing your hands or (you guessed it!) brushing your teeth. So, […]

READ MORE

Critical Update: Ensure Users Have Access to @AuraEnabled Methods

Winter ’21 is just around the corner and will include a critical update that could impact any page leveraging a custom component. As a Salesforce Admin, you’ve probably noticed this alert in your Security Alerts (Setup | Security | Security Alerts) and might have overlooked this. But because it involves permissions and user management, we […]

READ MORE

Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?

SHARE YOUR IDEA