What’s New?
- Security & Account Protection Enhancements for Azure B2C Login experience
Maximum Invalid Login Attempts Reduced (10 → 5)
Accounts will now lock after five failed login attempts to better prevent brute‑force attacks. Users who mistype passwords (especially infrequent users) may encounter more lockouts and need to reset their password or contact support
- Security & Account Protection Enhancements for Salesforce Login experience
- Maximum Invalid Login Attempts Reduced (10 → 5)
Accounts will now lock after five failed login attempts to better prevent brute‑force attacks. Users who mistype passwords (especially infrequent users) may encounter more lockouts and need to reset their password or contact support - Secret Answers Masked During Password Resets
Secret answers are now masked during password resets to prevent on‑screen exposure. This small security improvement may momentarily surprise users accustomed to seeing the text, but it doesn’t change the overall process - Session Timeout Enforcement: Forced Logout After 1 Hour
To reduce unauthorised access from unattended devices, sessions will now expire after one hour of inactivity. Users will be logged out automatically, lose unsaved work, and should save frequently during longer tasks - Identity Verification Required for Email Address Changes
Users must now verify their identity before changing the email on their Salesforce account, preventing attackers from redirecting account communications. Legitimate updates will simply require an extra verification step
- Maximum Invalid Login Attempts Reduced (10 → 5)
Release date: 30th March 2026
Comments
Please sign in to leave a comment.