The purpose of this article is to explain what Multi Factor Authentication (MFA) is and how it benefits the Dealership as added security
What is Multi Factor Authentication (MFA) and what is it used for
The simple way to think of it is as additional protection that helps stop all sorts of malicious attackers from getting into systems
To do that, MFA makes you prove that you are who you say you are in more ways than one
Typically, the first proof is by providing the correct username and password
After that, you will be prompted to supply a second type of proof that is different than the first (ie not just another saved password - after all, if your first password was compromised, your second one might have been too!)
That second proof can be a scanned fingerprint or a time-sensitive code to type in or even a physical device you plug into your computer like a key. Each of these different forms of proof are a factor, which is why this security feature is called MFA
You may have heard of two-factor authentication (2FA) and are wondering if that’s different than MFA - understandably, a lot of people confuse the two:
- 2FA is simply - two forms of proof
- MFA is - two or more forms of proof
MFA tends to be a bit stricter about what counts as a different form of proof. A code texted to you after you’ve supplied a username and password is one of the most typical ways to handle 2FA, but a lot of MFA implementations doesn’t consider text messages secure enough to count as a valid second form of proof. That’s why you won’t see text messages mentioned anywhere else in this document
In essence, MFA is the cyber-security version of two pieces of ID please
Why do we need MFA in Blackpurl
Salesforce, which is the platform that Blackpurl operates on, is mandating that everyone who logs into a Salesforce organization MUST use multi factor authentication
MFA keeps customer data safe and that’s something we all definitely want
For our USA Dealerships, we also need to comply with the rules issued by the Federal Trade Commission (FTC) on protecting customer information
Further information can be sort from this link - FTC
What is important to note, as it says on the FTC page, is that Financial Institutions applies to a much broader group of companies than many would think
For us, that means that if a dealer does anything at all around allowing a customer to finance a sale, even if the dealer isn’t actually providing the financing (or lease a unit) then they are considered to be a Financial Institution under the definition
You can see on the list of obligations under Safeguard, MFA is listed
For the size exception to the Safeguard (under 5K customers) you can see that many of the requirements still apply (including MFA) This means that even our smaller dealerships are subject to them
Really though, this is just another reason why we deem MFA a mandatory feature – even if FTC Safeguards does not directly apply to your dealership (ie non USA or cash only), it just reinforces yet again how risky it is to operate your business without a foundational security precaution
That is why more and more software providers require it (ie SalesForce) to prevent data breaches and to limit the inevitable legal liability if a breach does occur
For MFA to be setup, the Dealership will need to setup / install an Authenticator. For further information, please review this article - Options for Authenticator / Multi Factor Authentication / Change of Authenticator Required