ABSYZ ABSYZ

  • Home

    Welcome to ABSYZ

  • About us

    Who We Are

  • Our Expertise

    What We Do

  • Our Approach

    How We Do It

  • Products

    What We Made

  • Industries

    Who We Do It For

  • Clients

    Whom We Did It For.

  • Article & Blogs

    What Experts Think

  • Careers

    Join The Team

  • Get In Touch

    Let’s Get Started

ABSYZ

Too Many Verification Code requests on Salesforce login

Home / Article & Blogs / Salesforce / Too Many Verification Code requests on Salesforce login

Too Many Verification Code requests on Salesforce login

By nagensahu inSalesforce

What’s with the verification code ? Why is my Salesforce asking for it so many times ?

With the Spring ‘16 release, Salesforce has upped the security of a login. They decided that the credentials and the IP address that a user logs in from is just not enough to verify that the person logging in is the actual user. Now, they’ve added the browser to the list of things that are verified when you login. What happens is that, Salesforce checks the credentials, the IP address and the browser cookies to check if there have been previous logins with the same combo. If not, a verification code is sent to your email id/mobile. This security structure actually makes it less likely for someone to login, even if they have your Salesforce credentials.

The mechanism to authenticate with verification codes was always there. People with trusted IP ranges on their Org would’ve come across it when trying to login from a different network. It’s just that now, it’s asked for more frequently than earlier.

https://releasenotes.docs.salesforce.com/en-us/spring16/release-notes/rn_security_auth_stop_trusting_ip.htm

How do I stop it ?

Short answer, you can’t. But, you can reduce the frequency of the verification code request depending on how your company uses Salesforce.

  1. If your company/office has a specific range of IP addresses that it uses for it’s network, you’re in luck. Talk to your network/IT team, and once you have the IP range, add it to the trusted IP ranges under Setup > Security Controls > Network Access
  2. If you’re someone who travels a lot, try to get a VPN. Logging in from a VPN into Salesforce uses the IP address of the VPN network and makes Salesforce think that you are logging in from the company’s network.
  3. This one is important: Make sure that browser cookies are not erased when you close the browser. When there isn’t a possibility of adding IP ranges or using VPN, this one step is a must. When you login for the first time from a new browser or a new unauthenticated IP (after verification, of course), the browser cookies keep info of the login. At the next login from the same browser, the cookies are checked for a previously successful login. So do not clear cookies. Some companies have a policy of clearing cookies on company computers for security reasons. Talk to your IT team to see if there can be an exception made.
  4. Get the Salesforce Authenticator app. This doesn’t really make the verification code request go away, but at least you don’t have to wait for the code.

https://help.salesforce.com/apex/HTViewSolution?id=000232553

I want the code to be sent to my email and not my phone (or vice versa, or both)

You can choose to receive verification codes on your phone or your email or on both. Every user that exists on Salesforce has two fields- email and mobile phone. Now, the mobile phone field is not mandatory, so many users may not have it filled. When Salesforce wants to send a verification code, it checks whether you have a mobile number entered in your user record and sends it to that number. If there isn’t a number, it will send the verification code to the email of the user (it’s a mandatory field, so every user’s got one). You can choose to get the code on both email and phone. Just check this permission on your profile- Email-Based Identity Confirmation.

https://help.salesforce.com/HTViewSolution?id=000198756&language=en_US

I’m not getting the verification code !

Here, you need to first check where you get the verification code. The best place to find out if the verification code was sent and where it was sent is from the Setup > Identity Verification History section.

Screen Shot 2016-03-28 at 1

https://help.salesforce.com/apex/HTViewHelpDoc?id=security_verification_history.htm&language=en_US

If you were asked for a verification code, there will be an entry here next to your username. Check the “Method” column to see if it was sent as a text message or an email. If it was sent as a text message, make sure that your phone number is correct. Sometimes the format of the phone number would be incorrect and the verification code doesn’t really reach the phone. The appropriate format for the phone number is something like +44 1234567890. Re-register your phone if this is the case. You can also have the phone number removed for the time being to get the code on your email id.

If it’s sent to your email, check the spam folder of your inbox or talk to your IT team to see if they have any security policy blocking these emails.

What about Salesforce1 ?

Salesforce1 clears the cookies when a user logs out of the app. Logout is different from just minimizing the app in the background. Once a logout from the app happens, the cookies on the app are cleared and you will be asked for a verification code on the next login. This happens on every logout/login. Talk to your Salesforce administrator about setting up the app so that the Salesforce1 doesn’t get logged out automatically.

Salesforce1SecurityVerification Code
31
Like this post
5 Posts
nagensahu

Search Posts

Archives

Categories

Recent posts

Significance of UI/UX Design

Significance of UI/UX Design

Cyber-security in an uncertain world

Cyber-security in an uncertain world

The world of AR and VR

The world of AR and VR

The in-and-out of ML

The in-and-out of ML

Future of Mobility

Future of Mobility

  • Previous PostEmail Services in Salesforce with a simple example
  • Next PostCRUD in Lightning

Related Posts

REST API call from Einstein Analytics Dashboard
Apex REST Salesforce Salesforce Einstein Wave Analytics

REST API call from Einstein Analytics Dashboard

Create/Update Salesforce Picklist definitions using metadata API
Integration Metadata API Salesforce

Create/Update Salesforce Picklist definitions using metadata API

2 Comments

  1. baleshlakshminarayanan
    Reply
    28 March 2016

    Good one. Will save a lot of time for many organizations.

    Reply
  2. ABSYZ – Top 5 Blogs – ForceOlympus
    Reply
    12 September 2017
    Reply

Leave a Reply (Cancel reply)

Your email address will not be published. Required fields are marked *

*
*

ABSYZ Logo
  • Home
  • About us
  • Article & Blogs
  • Careers
  • Get In Touch
  • Our Expertise
  • Our Approach
  • Products
  • Industries
  • Clients
  • White Papers

ABSYZ Software Consulting Pvt. Ltd.
USA: 49197 Wixom Tech Dr, Wixom, MI 48393, USA
M: +1.415.364.8055

India: 6th Floor, SS Techpark, PSR Prime, DLF Cyber City, Gachibowli, Hyderabad, Telangana – 500032
M: +91 79979 66174

Copyright ©2020 Absyz Inc. All Rights Reserved.

youngsoft
Copy