Multi-Factor Authentication with Salesforce
Table of Contents
Starting July 2026, multi-factor authentication (MFA) will be required for all Salesforce/HomeKeeper Users. This article will define MFA and walk you through the accepted types of MFA.
What is MFA?
Multi-factor authentication (MFA) ensures a user’s identity by requiring multiple “factors” during the login process.
- The first factor is something a user knows — their username and password.
- After that, the user is prompted for a second factor that’s in their possession — an identity verification method such as an authenticator app or security key.
By using multiple factors, it is harder for someone to break into your system. If a user's password is stolen, you don't have to worry about your data becoming compromised.
Acceptable MFA Methods
Beginning July 2026, all users will be required to use one of the following methods to access Salesforce/HomeKeeper:
| MFA Method | Type | Level of Access |
| Built-In Authenticators (Windows Hello, Touch ID, Face ID) | Phishing-Resistant | Valid for System Administrators |
| Security Keys (YubiKey, Titan Security Key) | Phishing-Resistant | Valid for System Administrators |
|
Authenticator Apps (Salesforce Authenticator, Google Authenticator, password managers like 1Password) |
Standard | Not valid for System Administrators |
CAUTION: Administrators - Know your Org ID! If you get locked out of Salesforce for any reason, Salesforce support will need this information to get you logged back in. Here is a Salesforce Help article with instructions to find your Organization ID.
Additional Information
Built-In Authenticators (Phishing-Resistant, works for Admins): These allow users to quickly verify their identity with a fingerprint, iris, or facial recognition scan (or in some cases, with a PIN or password that the user sets up in their device’s operating system). Includes Windows Hello, Touch ID, or Face ID.
Learn More About Built-In Authenticators
Security Keys (Phishing-Resistant, works for Admins): Security keys are small physical devices that are easy to use for multi-factor authentication (MFA) logins because there’s nothing to install and no codes to enter. This type of method is a great option if users don’t have a mobile device. Includes the YubiKey and Titan Security Key.
Learn More About Security Keys
NOTE: If you're using a Security Key, set up a second method! If you loose your security key, or don't have access to it, having a second method of verification will insure that you are still able to log into your instance.
Authenticator Apps (Standard MFA, will not work for Admins): These apps generate a time-based one time password that can be used to login. They include the Salesforce Authenticator app, as well as third-party apps such as Google Authenticator, Microsoft Authenticator, and certain password managers.