As a Salesforce admin, amplify your org’s security by requiring a second level of authentication for every user login. You can also require two-factor authentication when a user meets certain criteria, such as attempting to view reports or access a connected app.
This guide only explain the basics, please follow the thorough guide from Trailhead for step-by-step instructions.
Step 1: Set the session security level for two-factor authentication
1. Go to Security > Session Settings
Here you can find multiple advanced security settings such as timeout periods, but you can read more about those in Salesforce knowledge articles.
2. Move Two Factor Authentication to High Assurance level
3. Remember to press ‘Save’ on the bottom of the page!
Step 2: Add Two Factor Authentication System Permission to the user
1. Create a permission set with Two-Factor Authentication for User Interface Logins - System Permission
2. Give the permission set to the users
Step 3: Connect the Salesforce Authenticator Mobile App to the User Account
2. Connect your user account with mobile device.
3. Use the verification code from Authenticator when logging in.
You can also ease the use by using trusted locations and automation.