# Salesforce is enforcing phishing-resistant MFA: What you need to know

Salesforce is enforcing phishing-resistant MFA for privileged users starting July 1, 2026. Learn what's changing, what qualifies, and how to get compliant quickly with Bitwarden.

---

AI-powered phishing and social engineering attacks have made traditional MFA methods increasingly easy to bypass. To better protect the most privileged accounts on its platform, Salesforce announced phishing-resistant standards that provide a stronger defense against sophisticated identity-based threats. 

Starting July 1, 2026, Salesforce will enforce phishing-resistant MFA for all privileged users, including admins. Organizations must act before that deadline to maintain access. Read on to learn about what's changing, what qualifies, and how to get compliant quickly.

## What's changing

Salesforce has long recommended MFA for all users. Now it will be enforced. 

As of July 1, 2026, Salesforce will be enforcing two tiers of MFA requirements simultaneously: 

1. For [all employee users, standard MFA is now required](https://help.salesforce.com/s/articleView?id=005321561&type=1) on every login, whether direct or through SSO.
2. For [all privileged users, the bar is higher](https://help.salesforce.com/s/articleView?id=005321563&type=1). Only phishing-resistant MFA methods, which are those built on FIDO2/WebAuthn standards, will meet the requirement. This also applies to direct logins and SSO logins, across both production and sandbox orgs. The privileged user enforcement applies to anyone with the System Administrator profile or any of the following permissions: Modify All Data, View All Data, Customize Application, or Author Apex.

Users who have not enrolled in a compliant method by the deadline will be blocked from logging in.

## What qualifies as phishing-resistant MFA

For privileged users, standard MFA methods are no longer sufficient. This includes one-time passcodes from authenticator apps like Google Authenticator or Duo, SMS codes, and push notification approvals. These methods share a common vulnerability: they can be intercepted or entered on a spoofed site, making them susceptible to the exact attacks Salesforce is trying to prevent.

Additionally, SSO alone does not guarantee compliance. If an organization uses an identity provider, that provider must pass a signal to Salesforce confirming that the user authenticated with a phishing-resistant method. Logging in through SSO with a password and standard TOTP code will not meet the requirement.

Salesforce recognizes three phishing-resistant MFA methods:

1. **Built-in authenticators:** Device-based methods such as Windows Hello, Apple Touch ID, Face ID, and Android passkeys. These are convenient but device-bound, meaning if a device is lost, account recovery is required.
2. **Hardware security keys:** Physical keys such as YubiKey that connect via USB, NFC, or Bluetooth. These are highly secure but require carrying additional hardware and managing backups.
3. **Cloud-synced passkeys:** Passkeys managed through a FIDO2-compliant password manager. Unlike device-bound methods, cloud-synced passkeys sync across all devices. Salesforce explicitly confirms that password managers including Bitwarden meet the phishing-resistant MFA requirement.
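The following is an added example, not code from Salesforce or Bitwarden: a scope and gap check for the two tiers and the qualifying methods described above. The input tuples, the method labels and the sample users are constructed for illustration; real rows would come from an export of the org's profile and permission assignments and its MFA enrollment records.

```python
from collections import defaultdict

# Permissions the page lists as putting a user in the privileged tier.
PRIVILEGED_PERMS = {"Modify All Data", "View All Data",
                    "Customize Application", "Author Apex"}
ADMIN_PROFILE = "System Administrator"

# Method labels are this example's own names, not Salesforce identifiers.
PHISHING_RESISTANT = {"built_in_authenticator", "security_key", "synced_passkey"}
STANDARD_ONLY = {"totp", "sms", "push"}  # fine for standard users only

def classify(users, grants, enrollments):
    """Return {username: (tier, compliant, reason)} for every user."""
    perms, methods = defaultdict(set), defaultdict(set)
    for username, permission in grants:      # one row per granted permission
        perms[username].add(permission)
    for username, method in enrollments:     # one row per enrolled method
        methods[username].add(method)

    report = {}
    for username, profile in users:
        hits = perms[username] & PRIVILEGED_PERMS
        enrolled = methods[username]
        if profile == ADMIN_PROFILE or hits:
            # Privileged tier: only a FIDO2/WebAuthn-based method counts.
            why = ADMIN_PROFILE if profile == ADMIN_PROFILE else ", ".join(sorted(hits))
            report[username] = ("privileged", bool(enrolled & PHISHING_RESISTANT), why)
        else:
            # Standard tier: any MFA method counts, stronger ones included.
            ok = bool(enrolled & (PHISHING_RESISTANT | STANDARD_ONLY))
            report[username] = ("standard", ok, "")
    return report

def blocked(report):
    """Users who would fail the requirement for their tier."""
    return sorted(u for u, (_, ok, _) in report.items() if not ok)

# Constructed sample data (not from a real org).
USERS = [("ana@example.com", "System Administrator"),
         ("ben@example.com", "Standard User"),
         ("cy@example.com", "Standard User"),
         ("dee@example.com", "Standard User")]
GRANTS = [("ben@example.com", "Author Apex"), ("ben@example.com", "View All Data"),
          ("cy@example.com", "Run Reports")]
ENROLLMENTS = [("ana@example.com", "security_key"), ("ben@example.com", "totp"),
               ("cy@example.com", "totp")]

if __name__ == "__main__":
    for user, row in classify(USERS, GRANTS, ENROLLMENTS).items():
        print(user, row)
```

In the sample, `ben@example.com` has a standard profile but lands in the privileged tier through permissions granted outside it, so a TOTP enrollment leaves that account blocked.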

## Get compliant quickly with Bitwarden

All three options listed above meet Salesforce's phishing-resistant MFA requirement. The difference comes down to practicality. Cloud-synced passkeys offer the security of phishing-resistant MFA with the most convenience. Because they are stored in an encrypted password manager vault and synced across devices, privileged users can authenticate from any device without relying on a single device or piece of hardware. For most organizations, cloud-synced passkeys are the most practical path to compliance.

Bitwarden is explicitly named by Salesforce as a qualifying cloud-synced passkey solution. Passkeys stored in Bitwarden are encrypted, synced across all devices, and ready to use wherever privileged users log in. For teams managing multiple users, Bitwarden enterprise controls make it straightforward to roll out passkeys org-wide, with SSO integration, directory sync, and detailed event logs to support compliance and auditing. An open source, independently audited password manager trusted by 80,000+ businesses, Bitwarden brings an additional layer of transparency and trust to passkey management.

## Be ready before July 1, 2026

With the July 1 deadline approaching, now is the time to act. Get started with a [free business trial](https://bitwarden.com/ja-jp/go/start-enterprise-trial/) or [contact sales](https://bitwarden.com/ja-jp/contact-sales/) to get privileged users compliant in time.
