What’s happening
Salesforce is making important changes to how most users log into Salesforce to make the process more secure, starting on July 1st, 2026, and rolling out over 30 days after that. These changes will apply to all organizations, even if you are already using MFA, and you need to be prepared, not just for yourself, but for any of your users who will look to you for advice. The updates from Salesforce refer to something called Phishing-Resistant MFA – this article is to help you understand what this is, and what actions you need to take.
PLEASE DON’T IGNORE THIS! If you are already using an authenticator app to get a verification code each time you log into Salesforce, this won’t be sufficient for certain types of users, including System Admins. Unlike the original MFA requirements, Salesforce is enforcing these changes on a very short timeline.
We have made the full blog post a Google Doc so we can easily update as we learn of more changes.
