Always Implement 2FA when providing web services on top of Salesforce

How many time have you herd the sentence “SECURITY is never enough” ? especially in IT and digital services we always add new fences, walls and procedures to prevent any type of breach. One of the impacts of the ever growing security threats are the new laws regarding Data Privacy like the GDPR recently applied in the EU.

Every company and organization today holds Private Customer Data, which is normally stored in our CRM DB, but on the other hand we need to use this data to provide services to our customers and partners. In order to make sure only the right person gets access to his personal data we must use a smart validation also knows as 2 factor authentication.

According to Wikipedia: “Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication. A good example from everyday life is the withdrawing of money from a ATM; only the correct combination of a bank card(something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out.”

When it comes to Salesforce we know they invest millions in keeping our Data safe and as long as our users are working in salesforce then no data loss is expected unless done intentionally by a trusted employee or advisor. On the other hand when we build services on top of salesforce to support our business needs the responsibility to keep the Data safe is on us and with the new Data Privacy laws any type of breach could mean a huge penalty (up to 20M Euro according to the GDPR).

As salesforce administrators, developers and implementers we need to make sure that any service we offer to our customers, partners, associates, members or any other outsider will undergo smart validation using 2FA authentication.