ROCHESTER, N.Y.--(BUSINESS WIRE)--Token, a leader in biometric assured identity, today announced that its TokenCore Wearable and TokenCore Portable products provide Salesforce customers, Salesforce partners, and Salesforce administrators with one of the strongest available methods for meeting and exceeding Salesforce phishing resistant access requirements.
Salesforce has made clear that the security landscape has changed. AI driven phishing, vishing, social engineering, credential theft, and account takeover attacks are putting Salesforce users and Salesforce data at increasing risk. Salesforce has also announced stronger security requirements, including MFA for employee users and phishing resistant MFA for privileged users, including Salesforce admins.
Token directly addresses this new Salesforce security reality by combining biometric identity, phishing resistant FIDO2 and WebAuthn authentication, secure hardware, and wireless ease of use. Token products are designed to ensure that Salesforce access is granted only when the authorized physical human is present and biometrically verified.
“Salesforce is raising the bar for identity security, and that is exactly where the market needs to go,” said Kevin Surace, CEO of Token. “Salesforce holds some of the most valuable business data in the enterprise. Protecting Salesforce access with legacy MFA, push approvals, SMS codes, shared passwords, or cloud synced software credentials is no longer enough. Token gives Salesforce customers biometric assured identity for Salesforce access today.”
Token products support phishing resistant authentication by using FIDO2 and WebAuthn protocols that bind authentication to the legitimate Salesforce login origin. Unlike SMS codes, authenticator apps, push approvals, or shared passwords, Token does not give attackers a code to steal, a prompt to trick, or a password to relay. Each authentication event requires the registered Token device, the authorized user’s fingerprint, and a cryptographic challenge tied to the legitimate service.
The result is Salesforce access that is not merely based on something a user knows or something a user possesses. Token verifies the actual person.
That distinction is critical for Salesforce administrators and privileged Salesforce users. A compromised Salesforce admin account can expose customer records, donor data, sales pipelines, financial history, case notes, workflows, integrations, permissions, and privileged system controls. Token helps close that gap by requiring biometric proof before Salesforce access is granted.
Token also provides a practical path for Salesforce partners and nonprofits that have historically relied on shared support workflows. A password manager may manage credentials, and a software passkey may satisfy a baseline technical requirement, but those approaches do not always prove which human is actually present. Token raises the assurance level by tying Salesforce access to a physical biometric device assigned to an authorized person.
“Salesforce customers are asking the right question now,” Surace continued. “How do we meet the Salesforce phishing resistant requirement while also knowing it is the right person logging in? Token is the clean answer. It is phishing resistant. It is biometric. It is hardware bound. It is easy to use. And it works today.”
TokenCore Wearable is a wireless biometric authenticator worn on the finger, with the fingerprint sensor positioned on the top side of the hand for fast and natural verification. TokenCore Portable provides the same biometric assured identity model in a portable wireless form factor. Both are built for modern enterprise environments where users access Salesforce across laptops, desktops, mobile devices, browsers, operating systems, and identity providers.
Token products are designed to meet and exceed Salesforce phishing resistant access expectations by adding biometric assured identity on top of cryptographic authentication. This approach protects against real time phishing, spoofed Salesforce login pages, credential replay, MFA fatigue, shared secret theft, help desk manipulation, and many forms of social engineering that have made legacy MFA obsolete.
With Token, a bad actor cannot gain Salesforce access simply by stealing a password, tricking a user into approving a prompt, intercepting a code, or accessing a shared vault. The Token device must be present. The correct fingerprint must match. The cryptographic challenge must come from the legitimate origin. If the request is spoofed, proxied, or relayed from a phishing site, authentication fails.
Salesforce customers are now moving toward stronger authentication because Salesforce itself has made the direction clear. The future of Salesforce access is phishing resistant, identity assured, and built around stronger proof of the actual user. Token delivers that model now.
For Salesforce enterprises, Salesforce admins, Salesforce consulting partners, Salesforce nonprofits, and Salesforce customers handling sensitive data, Token provides a direct path to stronger compliance, stronger access control, and stronger protection against the identity attacks now targeting Salesforce environments.
“Salesforce security starts at login,” said Surace. “Token makes that login biometric, phishing resistant, and bound to the real human. That is the new standard for protecting Salesforce.”
About Token
Token provides biometric assured identity solutions for enterprises that need to stop credential theft, phishing, social engineering, and account takeover at the point of access. Token products combine biometric fingerprint verification, secure hardware, FIDO2 and WebAuthn authentication, and wireless ease of use to ensure that only the right person can access critical systems. Token protects workforce access across modern enterprise applications, identity providers, and cloud platforms.
Also Read:
AI Agents in Cybersecurity: What’s Working Today and What’s Not?
