Introduction to Two-Factor Authentication

  • Two-factor authentication is a security feature that can be enabled by admins to add a second layer of security during the authentication process.
  • It is a security process that cross-verifies users with two different forms of identification before they can access their Salesforce application. These two forms typically include knowledge factors (something that you know, like a password) and possession factors (something you can validate against, like a text code generated and sent to your mobile). Some non-Salesforce applications also support inherence factors (unique physical attributes that are inherent to a single person, checked by means such as fingerprint readers, retinal scans and voice recognition).
  • Two-factor authentication also enables businesses and public institutions to be more productive and efficient, allowing employees to perform remote tasks with far fewer security concerns.

Risks that 2FA Aims to Mitigate

  • Implementing 2FA is one of the simplest and most effective actions that a company can take to improve the security of its Salesforce deployment and ensure that only authorized users can access the secure data.
  • Two-factor authentication, used in conjunction with a username, can prevent unauthorized access and credential leakage by ensuring that only a user who can be validated against a second authentication factor will be authorized to access the online resource.
  • It incorporates logical and physical security, which helps fill the gaps in both security domains and reduces risk. In addition, it can reduce brand, reputation, and customer relationship damage resulting from identity theft fraud.
  • The benefits include improved security, productivity, and flexibility in the workplace, fraud reduction, and secure online relationships.
  • Two out of three [attacks] focus on credentials at some point in the attack. Trying to get valid credentials is part of many styles of attacks and patterns.
  • Two-factor authentication can play an important role in securing the Salesforce application by blocking a number of application-based attacks, such as:
    • brute-force and dictionary attacks, in which perpetrators use automated software to generate massive numbers of username/password combinations in an attempt to guess a user’s credentials.
    • social engineering attacks, e.g., phishing and spear-phishing, which attempt to dupe a user into revealing sensitive data, including their username and password.
  • 2FA can be further customized in the following ways:
    • Set up 2FA for every time a user logs in to Salesforce, or enable this feature for API logins.
    • Use stepped-up or high-assurance authentication to secure certain resources like connected apps or reports.
    • Use login flows to build post-authentication requirements, including custom 2FA processes.
