Review Multi-Factor Authentication Controls

Multi-factor authentication (MFA) is a secure authentication method that requires users to verify their identity with a second piece of evidence (or factor) in addition to their password.

To protect users from security threats like phishing, credential stuffing, and account takeovers, Salesforce requires MFA for all logins to Salesforce products. As security threats grow more common, it's increasingly important to implement strong measures to protect your Salesforce data, your business, and ultimately, your customers. Usernames and passwords alone are no longer sufficient for guarding against unauthorized account access. By requiring multiple forms of verification to confirm a user's identity, MFA is one of the most straightforward and powerful methods for strengthening login security.

Security Health Review uses configuration signals to assess your MFA implementation against Salesforce best practices, identifying high-risk security and business gaps.

• Implement Multi-Factor Authentication for Salesforce Orgs
  Multi-Factor Authentication (MFA) adds a verification factor beyond passwords, significantly reducing the risk of account compromise.
• Configure the MFA Verification Methods Available to Users for Salesforce Orgs
  Salesforce supports multiple MFA verification methods so users can verify their identity during login or device activation.