MFA stands for Multi-Factor Authentication, meaning that users need to authenticate their sign-on with both a username and password and an added confirmation, like an emailed or texted code. Even more secure is an outside MFA app that can generate a time-based one-time password (TOTP). It is an added layer of protection for the account. MFA is designed to help prevent unauthorized users from accessing an account, and it helps protect against hackers, phishing attempts, and other security threats. With modern technology, it’s too easy for unauthorized users to gain access to a username and password combination, but much more challenging to also know the extra security code tied directly to your device.
Salesforce put together this video to explain how multi-factor authentication works to prevent further unauthorized account access.
SSO, or Single Sign-On, will not meet the requirements for Salesforce’s MFA conditions down the line UNLESS that SSO system also has MFA enabled. Many SSO solutions have an MFA option that can be added easily, but until that is activated, SSO alone will not be sufficient to meet the needs for MFA. While single sign-on is a convenient way to sign in to all your apps with a single username and password combination, that still leaves apps vulnerable to intrusion. With multi-factor authentication, the accounts are much more protected and secure.
The team at GrowthHeroes has put together this guide for implementing multi-factor authentication within Salesforce:
Adopting the Salesforce Multi-Factor Authentication (MFA) Requirement