Using a password manager like LastPass or 1Password is recommended for managing login credentials for multiple Salesforce sandboxes. It helps generate secure passwords and allows secure sharing of login information without sharing passwords. Password security is important and unique passwords for each account are recommended.
With this article, learn about the benefits of using a password manager for Salesforce development, including password security and the ability to generate unique and secure passwords for each account. You will also learn about the dangers of sharing credentials and other password tips.
Here are our 5 Key Takeaways:
- Using a password manager like LastPass or 1Password can help improve password security and generate unique and secure passwords for each account.
- Having a unique password for each account is important to prevent attackers from accessing all of your other accounts.
- Password managers can automatically generate compliant passwords for many sites with the click of a button.
- Sharing credentials over email and chat is dangerous, but password managers can securely share login information without sharing your password.
- Other password tips include using a memorable master password and never using Salesforce credentials to log in to third-party services.
Using multiple sandboxes for Salesforce development is a best practice. You want at least one sandbox per user. Even better is when you can use different environments for different features. Of course, this means you’ll have to manage login credentials for your various environments.
We highly recommend using a password manager like LastPass or 1Password. This is valuable for a number of reasons. Not having to remember which password pairs with which username is a major convenience. But password managers bring some significant security benefits as well.
Password security is important. Sometimes all that stands between a potential attacker and full access to your Salesforce environment and data is your password. Passwords that can withstand brute-force attacks are important.
Of course, there is a lot of competing information on password security. Many companies have different policies and requirements, such as requiring upper and lower case letters, numbers and certain “special” characters like !@#$ (but annoyingly not others like ^&*). By default, Salesforce requires a minimum of 8 letters and at least 1 letter and 1 number.
But this XKCD on password strength is illustrative:
Passwords like @L3XisSuper1337 sometimes seem more secure, but they are in fact easier for a computer to guess and harder for you to remember.
Having a unique password for each account is a good idea. If one of your passwords is compromised, you don’t want the attacker to have access to all of your other Salesforce sandboxes or other accounts. Password managers remove the burden of having to remember each unique (and ideally lengthy) password by automatically storing your information.
With a good password manager you also don’t have to think up new secure passwords. The major password managers all have tools for generating compliant passwords for many sites. LastPass allows you to automatically generate secure passwords that meet those criteria with the click of a button.
A password manager can generate secure passwords that comply with each site's password requirements, and it saves you from having to remember them. For example, LastPass has an automatic generator that gives you options to include certain characters.
Though sharing credentials is not a best practice that we endorse, we do see many teams doing it. Worse, they are sharing credentials over email and chat. This is dangerous because your password can be easily intercepted this way. With a password manager you can securely share login information without ever actually sharing your password.
Never store your password in plain text or send it over chat or email.
When creating the Master Password for your password manager, use something like the password xkcd recommends: four simple words that you can easily remember. For example: correcthorsebatterystaple. It would take a computer 550 years to guess that phrase at 1,000 guesses per second.
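The sketch below is an added example, not Blue Canvas or LastPass code. It generates a policy-compliant password and a passphrase from a cryptographic random source, and reproduces the 550-year estimate. The 2,048-word list size (11 bits per word) is the xkcd comic's assumption, the policy check reads the article's "8 letters" as 8 characters, and the 16-word list and the `!@#$` symbol set are constructed for illustration.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed 16-word sample list; a real passphrase list has thousands of words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "anchor", "breeze",
                "candle", "dolphin", "ember", "forest", "garden", "harbor",
                "island", "jungle", "kettle", "lantern"]

def entropy_bits(choices, picks):
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)

def years_to_exhaust(bits, guesses_per_second=1_000):
    """Time to try every candidate of the given entropy at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

def meets_default_policy(password):
    """Default policy as the article states it: length 8+, a letter and a number."""
    return (len(password) >= 8
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

def generate_password(length=20, symbols="!@#$"):
    """Draw from a CSPRNG and redraw until the policy is satisfied."""
    if length < 8:
        raise ValueError("policy requires at least 8 characters")
    alphabet = string.ascii_letters + string.digits + symbols
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_default_policy(candidate):
            return candidate

def generate_passphrase(wordlist, words=4, sep=""):
    """Strength comes from random selection: words a person picks are guessable."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates")
    return sep.join(secrets.choice(wordlist) for _ in range(words))

if __name__ == "__main__":
    print("password:  ", generate_password())
    print("passphrase:", generate_passphrase(SAMPLE_WORDS, sep="-"))
    bits = entropy_bits(2048, 4)  # xkcd assumption: 4 words, 2,048-word list
    print(f"{bits:.0f} bits, about {years_to_exhaust(bits):.0f} years at 1,000/s")
    print(f"20 random characters: {entropy_bits(66, 20):.0f} bits")
    print(f"4 words from the 16-word sample: {entropy_bits(16, 4):.0f} bits")
```

The last line of output shows why list size matters: four words from a 16-word list give only 16 bits, which falls in about a minute at the same guess rate.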
Never use your Salesforce credentials to log in to third-party services. Only use OAuth like we do at Blue Canvas.
If you’re using a password manager, you don’t need to have your browser remember passwords. It’s an unnecessary redundancy.
Security is something we take very seriously at Blue Canvas. To learn more check out our security documentation.