Matthew Lamb, CTO

What Salesforce Customers Need to Know About Multi-Factor Authentication

It’s a new year and a new opportunity to strengthen your Salesforce org’s security. As it turns out, Salesforce agrees. On February 1st, Salesforce is requiring every customer to enable Multi-Factor Authentication for users accessing any Salesforce product interface. 

The good news is you and most users are probably already familiar with the security measure. Maybe your company was ahead of the curve and enabled Salesforce MFA for your org last year. If not, you probably already use MFA to access your bank account, social media accounts, and more in your day-to-day life. Implementing changes to your org isn’t always fun or easy, but this one is important. Digital security is an evolving threat that we all face, and MFA is an effective way to enhance login security and protect your data. 

What does Multi-Factor Authentication look like?

MFA increases protection for users against phishing attacks, credential stuffing, and account takeovers. During the login process, MFA requires users to enter two or more pieces of evidence (or factors) to prove their identity. In addition to a username and password to log in – the most common form of identity factors – MFA requires a device the user has in their physical possession, such as an authenticator app or security token. A familiar example of how MFA works is withdrawing money from an ATM – your pin is your known password and your debit card is the physical key. 

Why enabling MFA is important for your Salesforce org

Cyber-attacks and the exploitation of consumers are on the rise, and it’s more important than ever for businesses to understand evolving global security risks. The widespread transition to remote work environments and, consequently, the sharing of user logins, have only exacerbated these risks. MFA is a simple and effective way to protect Salesforce users and strengthen data security. 

How MFA will impact Salesforce customers working with Salesforce partners 

Sharing user login information has always been the easiest way for Salesforce partners to access an org, but the enforcement of MFA will soon make that a thing of the past. This change may sound like a nuisance, but sharing logins creates more opportunities for unauthorized account access that puts your data at risk. MFA will only more your org more secure. 

As a Salesforce partner, we consider the MFA requirement to be an excellent opportunity for customers to reassess data security and strengthen security measures. As a best practice, we recommend all customers provide every person who touches your org with their own license. 

Is your org ready to enable MFA on February 1st? If you’re looking for more clarity on how your partners should be navigating MFA, please contact us today. 

Tips for Reducing your Salesforce Technical Debt

Creating technical debt for your Salesforce system isn’t the end of the world; it’s an unavoidable necessity. Ward Cunningham, the American computer programmer who coined the term, maybe said it best back in 1992: 

“Shipping first-time code is like going into debt. A little debt speeds development so long as it is paid back promptly with a rewrite… The danger occurs when the debt is not repaid. Every minute spent on not-quite-right code counts as interest on that debt.” 

Decades before cloud-based systems and digital transformation became the norm, Ward recognized a basic truth of development–technical debt is inevitable, but it shouldn’t be unmanageable. Just like any financial loan, it needs to be accounted for and paid off promptly. 

We know technical debt isn’t a new concept, but it always deserves revisiting. That’s why on the heels of our 2020 Salesforce Talent Ecosystem Report we felt an obligation to explore technical debt in the context of evolving demands for Salesforce talent, particularly two interesting anomalies:

  • Declining demand for Salesforce Architects
  • Global demand for developers is outpacing architects.

To continue reading, head to Salesforce Ben for the full post.

How To Prepare For The New Salesforce Guest User Security Policy

In less than a month, Salesforce will be rolling out new security settings that may affect how users interact with your public websites. If you’re currently hosting public sites built on,, or Communities, here is everything you need to know about Salesforce’s new Guest User Security Policy and steps you can take both in-house or with 10K’s help to manage these changes if your organization is impacted.

What Does the New Policy Affect?

The policy outlines new security settings that are set to be auto-enabled in the Summer ‘20 release (mid-July). These settings will impact how you secure guest user record access and assign new records created by guest users to the default owner.

What is a Site Guest User?

A Site Guest User is a special type of user that you use in conjunction with a site or Salesforce Community that allows you to build functions for external users who don’t have full licenses to your Salesforce org. The Site Guest User governs the permissions for external users when they interact with a Site or Community page prior to logging into the Site or Community. 

When these upcoming security settings are auto-enabled, you could experience an impact to your data visibility (what users can see), record updates (how users can edit their profile), guest flows (how users access creation flows), and user visibility (how users can see other Community members).

I’m Impacted – What Does This Mean For My Org?

The good news is you still have time to take action before the new settings go-live in July. If you want to opt-out of these changes for now, you can enable the ‘Opt Out of Guest User Security Policies Before Summer ’20’ Critical Update within your org. While the Summer release allows you to opt-out and disable the new security settings, the Winter ‘21 release will not. To avoid things breaking, we seriously recommend a proactive assessment of your org. 

I Don’t Want Things to Break. How Can I Prepare For the Summer ‘20 Release?

Depending on your team’s bandwidth, 10K Advisors recommends two different routes of action: 

Test In-House

Salesforce has provided immediate actions so you can prepare ahead of the Summer release:

  • Step One: Identify your org’s sites and communities. 
  • Step Two: Install & utilize the Guest User Access Report Package to assess the impact of the changes. Make sure to run the report for each site and community, and to use a separate browser. 
  • Step Three: Alter your Site and/or Community functionality to ensure it will still function with the new Site Guest user changes. 

You can also join the new “Securing Community Cloud” Trailblazer group to troubleshoot your testing. 

Use 10K Advisors

With the changes being less than a month away, we know completing the testing process and creating a game plan will be a big ask for most organizations (especially if you have a high volume of sites and/or communities). 

For a limited time, 10K Advisors is offering a full security assessment of your sites and communities starting at $500. We’ll manage the entire testing process, walk you through the results, and provide recommended actions. Fill out a few quick details and a 10K expert will be in touch to kick-off the process. 

Have any questions? Contact us at