“Beginning February 1, 2022, Salesforce will require customers to use MFA to access Salesforce products,” the company said .

Salesforce said users could use security keys, an authenticator app, or an OS biometrics system to secure accounts. However, MFA solutions that rely on sending one-time passcodes via email, phone, or SMS messages won’t be allowed “because these methods are inherently vulnerable to interception, spoofing, and other attacks,” Salesforce explained.

“We encourage users to register multiple verification methods to have a backup in case they forget or lose their primary method,” the company added.