Unless all your users are already set up with at least one additional “strong verification method,” the answer is YES! This does apply to you.
Second, what is MFA?
It’s something you’ve been doing longer than you think. Every time you’ve used an ATM, you’ve provided your debit card (authentication method) and your PIN (an additional authentication method) to prove it’s you.
Does email or SMS authentication work?
Unfortunately no. These still leave significant security vulnerabilities as both are vulnerable to “phishing” (hacking)
Great…so what does work?
Luckily, you’ve got options!
Three authentication methods for Salesforce MFA:
Salesforce Authenticator App:
It’s easy to download and easy to use. This is by far the quickest method to configure and implement. Download it on your iPhone or Android device.
Third-Party Authentication Apps: They’re incredibly secure as they use time-based one-time passcodes, and your users can use a single app if they have to use this type of MFA for multiple platforms.
Security Keys: They look like flash drives and plug into your computer the same way. These are the most secure. Unfortunately, they are not free and require your users to have an additional piece of hardware.