Quick win 4. Lightning Login vs MFA (multi-factor authentication)
Confused? Here is the answer. Let's keep it simple.
MFA is a way to increase protection for your user accounts. One factor is the user's username and password combination, and the second, additional factor is something they have in their possession to verify their identity.
There are 3 ways you could implement multi-factor authentication:
- Using the Salesforce Authenticator app
- Using a time-based one-time password (TOTP) authenticator app, which generates a temporary one-time passcode
- Registering a U2F (Universal Second Factor) security key, such as a YubiKey
This is enough for context.
One last important point: you can also enable MFA requirements for Salesforce orgs and communities.
If you would like to implement it, help is available here: https://help.salesforce.com/articleView?id=security_overview_2fa.htm&type=5
**********
Now, Lightning Login is an extra layer of security on top of MFA. Lightning Login relies on Salesforce Authenticator, the MFA mobile app that's available as a free download for iOS and Android devices.
- The first factor is something that the user has — for example, a mobile device that has Salesforce Authenticator installed and connected with the user’s Salesforce account.
- The second factor is something that the user is, such as a fingerprint, or something that the user knows, such as a PIN. The second level of authentication enhances security by requiring access to the mobile device and the user’s fingerprint or PIN.
Important note: All internal users (not external community users, customers, or partners) are eligible for Lightning Login by default, but you can decide whether to make it available to all users.
You can also determine user eligibility by using the Lightning Login User permission (include this in a permission set and expand access).
The steps to implement this are:
- Enable Lightning Login (create a permission set; under System Permissions you will find Lightning Login).
- Enroll in Lightning Login (once the permission set is assigned to the user, the user is able to enroll for this feature).
The first time: 1. the user logs in with username and password → 2. completes MFA (approve the request in your Salesforce Authenticator app) → 3. you see the screen to enroll in Lightning Login; proceed and approve the connection in your app.
For more info, have a look: https://help.salesforce.com/articleView?id=security_ll_overview.htm&type=5
Next time you log in, go passwordless. :) Hope you find this utility interesting.