While innovative in 2007, Identity Confirmation by email suffered a variety of usability challenges as mobile computing took hold across enterprises.
Salesforce realized early on that mobility was becoming a major focus for businesses on a global scale. As part of this focus, Salesforce felt the need to move away from email based verification and authentication to a solution that not only enabled mobile computing, but leveraged a more secure infra-structure. This was a key driver in finding an alternative authentication solu-tion to email and offering SMS Identity Confirmation made perfect sense.
To meet these challenges, Salesforce replaced email two-factor authentication as its default feature for Identity Confirmation with authentication via SMS using Telesign.
This brought numerous advantages. The mobile phone is the most universal personal device on the planet. By using this as a trust anchor, Salesforce was able to reach a broader user base, across the entire globe.
Salesforce uses a variety of methods to verify that a login source is authorized. Now, whenever a Salesforce user logs on to a computer, browser or IP address that’s not recognized, their Identity Confirmation system triggers a one-time passcode (OTP) which is sent by SMS through Telesign to the user’s mobile phone number on record.
Identity Confirmation by SMS has been so effective it is now the default option for all Salesforce customers with verified mobile phone numbers.
Users who do not have a mobile number on record are prompted to enter a mobile phone number upon login. (While email Identity Confirmation is still available, this is only an option for system administrators who wish to re-enable this function for users without mobile devices.) “We needed a partner that could scale to support our ever expanding global footprint. Telesign delivered the scale we were looking for.” Chuck Mortimore, VP, Product Management, Identity and Security.