Member-only story
Making sense of 2FA / MFA for Salesforce small NPSP orgs
You may know that 1st February 2022 Multi-Factor Authentication will be mandatory for all internal users in Salesforce Organisations (inc NPSP)…it might be why you are reading this. On their announcement page Salesforce clarifies what MFA is: ‘MFA requires two or more factors, providing options for many combinations of authentication mechanisms. 2FA, on the other hand, is a subset of MFA that requires two factors only.’
Email and text is better than nothing but it is not good enough. If you are going to be supporting your users in creating new habits you might as well make these future-proof. It’s great that Salesforce is leading the way by saying we must all use apps (or hardware keys) by Feb 22.
Authenticator Apps are the most practical and cheapest solution (its free). Essentially it turns your phone into one of those code generators that banks sometimes hand out. Unlike your bank account, an organisation’s data is not guaranteed or safeguarded by the government. There is a case to be made that any person trusted to access your organisation’s database should guard that access as closely as they do their bank account access.
