Multi-Factor Authentication: As Easy as Washing Your Hands!

By

How many times a day do you wash your hands? If you think this seems like an absurd question, and totally unrelated to security, you’re wrong… kind of. How are security and health connected? Both require good personal hygiene, a concept as familiar as washing your hands or (you guessed it!) brushing your teeth.

So, what is cyber hygiene, and how can you get better at it? Cyber hygiene can be thought of as best practices, often simple in nature, that keep your systems healthy and your data secure. These best practices are part of a defense in depth strategy — a strategy that ensures there are multiple layers of security so that if one layer fails, another will be there to protect everything. One of the most important, and simplest, cybersecurity best practices is using multi-factor authentication (or MFA, also referred to as two-factor authentication) to secure access to user accounts. MFA asks the user to take an extra step in the login process every time they log in (the hygiene part), but provides an extra layer of protection from intruders that is very difficult to get around.

MFA delivers this extra layer of protection against common security threats by requiring users to verify their identity with two or more pieces of evidence (or factors). These factors are typically something the user knows, such as a username/password combination, plus something they have in their possession, like the code from an authentication app on a mobile device.

You probably use MFA all the time without realizing it. A familiar example of MFA is the process of withdrawing money from an ATM. Your ATM card is something you have, and your PIN is something you know. See, you’re an MFA expert already!

While MFA has become the standard for securing user access in more technical circles, it’s still not widely adopted by the rest of us. Which is a shame, because MFA also protects users from some of the most common cyberattacks, such as phishing and credential stuffing. Just because you’re working from home doesn’t mean hackers are taking a break from their jobs. In fact, there has been a notable uptick in cyber attacks since the beginning of the COVID-19 pandemic.

Many phishing campaigns unfortunately target users with hooks that play on vulnerable situations, like the pandemic or challenges related to working remotely. Researchers at Google estimated that phishing websites increased by 350% between January and March 2020, and mobile phishing attacks went up by 37% this spring, according to a June 2020 report.

What’s clear is that your data is still just as valuable to hackers, even though you’re working from home. Luckily, a great way to combat common cyberattacks like phishing is by setting up MFA!

We’ll go into how to begin rolling out MFA to your users in part two of this series, but if you’re interested in learning how to set up MFA for yourself today, check out our new MFA for Admins Quick Guide.

Core responsibilities of a Salesforce Admin

Core Responsibilities of a Salesforce Admin: Your Blueprint for Success

As admins, you hold the keys to success for your users and companies to get the most out of Salesforce. You have the unique opportunity to build and manage trusted solutions that drive productivity and innovation through five core admin responsibilities: security, user management, data management, analytics, and a new core responsibility: product management.  The […]

READ MORE
User management enhancements Winter '25

User Management Enhancements | Winter ’25 Be Release Ready

Winter ’25 is almost here! Learn more about user management and check out Be Release Ready to discover more resources to help you prepare for Winter ’25. We’re continuing to innovate in Setup starting with user access and user management. We have several exciting enhancements in store for Winter ’25–many thanks to your feedback and […]

READ MORE
Troubleshoot user access with SOQL

How to Troubleshoot User Access with SOQL (Beginner Friendly)

Awesome Admins, we know that troubleshooting user access is a common task. You’re frequently asked questions like “Why can Jane access this field, but John can’t?” or “Why can John view this record when he shouldn’t be able to?” In Summer ’24, we introduced helpful summary views for users, public groups, permission sets, and permission […]

READ MORE