Post-it note that says, "My password 123456" with marker on a laptop keyboard.
PHOTO: Vitalii Vodolazskyi

Salesforce gave its customers a year in advance to prepare for its multi-factor authentication (MFA) requirement across its platforms. The compliance date arrived the first day of this month.

"Adopting an MFA at scale doesn’t happen overnight," Salesforce officials wrote in a Feb. 1 blog post. "It takes time to educate employees and work out procedural kinks. For instance, our IT department had to come up with a process for quickly helping employees who broke or misplaced their security key or phone with the authenticator app."

MFA adds security to a company's data and employees' accounts, according to MarketWatch. Through multi-factor authentication, users get security because they have to verify themselves as account holders through multiple authentication methods. The two- or three-step verification helps employees securely gain access to applications, online accounts or a VPN.

MFA is a secure authentication method that requires users to prove their identity by supplying two or more pieces of evidence (or “factors”) when they log in — something they know, such as their username and password, and something in their possession, such as an authenticator app or security key, according to Salesforce officials.

As remote work has grown, so too has the threat landscape. And where businesses are leaving gaps, cybercriminals are happy to exploit them, Salesforce officials added.

Salesforce believes protecting customer data is a shared responsibility between Salesforce and customers, company officials wrote. "And because enabling multi-factor authentication (MFA) is one of the easiest, most effective actions businesses can take to help secure their data against the majority of common cyberattacks, Salesforce is now requiring all of its customers to use MFA to access Salesforce products."

Whether a company uses the second factor or single sign-on (SSO) for MFA, there may be an initial upfront purchase with a vendor and an ongoing annual cost. Salesforce officials promised it's not a sunk cost.

"MFA is about protecting sensitive data," Salesforce officials added, "and it was important to reflect that in our communications and rollout — to make sure employees understood the change, and that they knew this would not be a major interruption to their day job."