Please be advised you are about to leave the Standards Australia website to proceed to the AustLII website. Click OK to proceed.

Salesforce Multifactor Authentication FAQs

How do I set up MFA?

You will need to download and register an authentication app, e.g. Salesforce Authenticator app. Follow the instructions in this user guide - sections 2 & 3 or section 5: GU-217-Multi-factor-authentication-help-guide

Do I have to use the Salesforce Authenticator app?

No, if you already have another authenticator app on your mobile device, e.g. Microsoft or Google authenticator (or another authenticator app), you can use that instead. If you don't already have one installed, we recommend downloading the Salesforce Authenticator app.

What do I do if I lose, damage, or need to replace my phone?

If you have used the Salesforce Authenticator mobile app to set up MFA, you can back up your connected accounts in the app. If you lose, damage, or replace your mobile device, you can restore your connected accounts on another mobile device.

We recommend doing this once the app is set up, so that you can restore your connected accounts if you unexpectedly lose access to your device. Please see the additional questions in this section for how to backup and restore your connected accounts.

How do I back up my connected account(s) in the Salesforce Authenticator app?

The backup and restore feature is available if you have a Salesforce account connected to the Salesforce Authenticator app. To use the feature and avoid disruptions, ensure you have at least one Salesforce account connected.

You can enable backups by following the steps in the Salesforce help page: Back Up Your Connected Accounts in the Salesforce Authenticator Mobile App

After you enable backups, complete the backup process by verifying your mobile number and setting a four-digit passcode.

How do I restore my connected account(s) in the Salesforce Authenticator app?

If you back up your connected accounts in the Salesforce Authenticator mobile app, you can restore them on another mobile device. See the 'How do I back up my connected account(s) in the Salesforce Authenticator app?' question for how to backup your accounts.

Follow the steps in the Salesforce help page to restore your account(s): Restore Connected Accounts in the Salesforce Authenticator Mobile App

Can I change my linked mobile number in the Salesforce Authenticator app?

It is easy to change your registered/verified number in Salesforce Authenticator mobile app. Just open the 'Settings' and tap the 'Verified number' option. Enter a new mobile number and repeat the verification process.

Can I remove my connected account(s) from the Salesforce Authenticator app?

When you no longer want to use the Salesforce multi-factor authentication app for MFA logins, or want to switch to a new device, remove your Salesforce account(s) from the Salesforce Authenticator mobile app. Follow the steps in the Salesforce help page: Disconnect Salesforce Authenticator from a User’s Account

How do I log in?

The login steps may differ depending on which app you are using. Please refer to the user guide - section 4: GU-217-Multi-factor-authentication-help-guide

Do I have to use MFA every time I log in?

To ensure that MFA is providing the intended protection, you must supply a verification method each time you log in.

However, if you are using the Salesforce Authenticator app, it can automate the extra authentication step when you log in from a trusted place, like the office or home — which means you don’t have to touch your phone when you log in from these locations.

You can set this option in the Salesforce authenticator app settings. In addition, Salesforce Authenticator can automatically trust a location after a user authenticates from the same place three times. To configure these options, see Salesforce help page: Automate Multi-Factor Authentication with Salesforce Authenticator

What is Multifactor Authentication (MFA)?

Multifactor authentication (MFA) is a security measure that requires two or more validations of identity to grant access (e.g. a password and a code via an authentication app). It is an effective way to increase protection for user accounts against common threats like phishing attacks, credential stuffing and account takeovers. MFA offers a significantly higher level of security and protection against criminals, and Standards Australia is already using this for internal employee access.

What is access management?

A framework of policies and technologies to ensure that the right users have the appropriate access to technology resources.

Why is Standards Australia making this change?

Standards Australia makes all reasonable efforts to protect your data, and we use Salesforce to store and manage your data. We are introducing MFA to improve data security and better protect your account data.

Why can't we have codes sent to us via email or phone calls?

Delivering one-time passcodes via email and phone calls are a less secure solution, as these methods are inherently vulnerable to interception, spoofing and other attacks.

Can we use a password manager as an alternative to MFA?

Password managers help drive sound and secure password practices. You can use this type of tool to ensure that users create strong and hard-to-predict passwords, don't re-use passwords, and change passwords on a recommended schedule. But passwords - even strong ones - aren't sufficient protection against unauthorised account access because they can be compromised by common threats like phishing attacks, credential stuffing, and malware. Password managers don't provide the enhanced login security achieved by requiring two or more authentication factors via MFA.

What is Salesforce Authenticator?

Salesforce Authenticator makes the extra MFA authentication step easy because the app automatically integrates into your current Salesforce login process. After a user enters their username and password, the app sends a notification to the user's mobile device (if notifications are allowed by the user). The user taps the notification to open Salesforce Authenticator, verifies that the login request is coming from them, and then they’re logged in.

What are third-party TOTP Authenticator apps?

TOTP stands for "time-based one-time password". You can use any authenticator app that generates temporary codes based on the OATH time-based one-time password. Widely used options include Google Authenticator, Microsoft Authenticator, and Authy.

What is SMS authentication?

SMS authentication is another form of Multi-Factor Authentication (MFA) or 2FA. When a user attempts to sign in, they will receive a text message on their mobile phone containing an authentication code. The user simply needs to enter the received code into the platform to gain access. This additional step verifies the user's identity through their mobile device.

Why have I not received my SMS authentication code?

 a) If you have not received your SMS authentication code, we recommend restarting your mobile device to refresh the device connection. 

b) If you have received a text error message ‘We can't send you a verification code right now. You may have attempted too many verifications in the last hour. Try again later.' - We recommend waiting 1 hour before reattempting. Note: For security reasons, you are limited to 5 attempts per hour.

Do I need to use or update my Credit Card / Banking Information while downloading or using an MFA app or SMS authentication?

No. Installing and using an MFA app is free.  Using an MF Aapp or SMS authentication will never require you to confirm, update or disclose personal, credit card or banking information while installing the app or at any other time while you use it.  Please do not enter or update any financial information while downloading or using an MFA app or using SMS authentication.

Need more help?

If you have any further questions, please contact our Customer Success team using the Submit an Enquiry form, or by phone. Find our contact details on the Contact Us page.