What's with the verification code ? Why is my Salesforce asking for it so many times ?

With the Spring '16 release, Salesforce has upped the security of a login. They decided that the credentials and the IP accost that a user logs in from is just non plenty to verify that the person logging in is the actual user. Now, they've added the browser to the list of things that are verified when y'all login. What happens is that, Salesforce checks the credentials, the IP address and the browser cookies to check if in that location have been previous logins with the same philharmonic. If not, a verification code is sent to your email id/mobile. This security construction actually makes it less probable for someone to login, even if they have your Salesforce credentials.

The mechanism to authenticate with verification codes was always at that place. People with trusted IP ranges on their Org would've come beyond it when trying to login from a dissimilar network. It's simply that now, it's asked for more than frequently than earlier.

https://releasenotes.docs.salesforce.com/en-usa/spring16/release-notes/rn_security_auth_stop_trusting_ip.htm

How do I stop it ?

Short answer, you can't. But, yous can reduce the frequency of the verification code request depending on how your visitor uses Salesforce.

  1. If your visitor/office has a specific range of IP addresses that it uses for it's network, you're in luck. Talk to your network/IT team, and one time you have the IP range, add it to the trusted IP ranges under Setup > Security Controls > Network Admission
  2. If y'all're someone who travels a lot, try to get a VPN. Logging in from a VPN into Salesforce uses the IP address of the VPN network and makes Salesforce think that you are logging in from the company's network.
  3. This ane is important: Make certain that browser cookies are not erased when you close the browser. When there isn't a possibility of calculation IP ranges or using VPN, this ane footstep is a must. When you login for the first time from a new browser or a new unauthenticated IP (after verification, of form), the browser cookies keep info of the login. At the next login from the same browser, the cookies are checked for a previously successful login. So do not articulate cookies. Some companies take a policy of clearing cookies on company computers for security reasons. Talk to your IT squad to run into if there tin exist an exception made.
  4. Get the Salesforce Authenticator app . This doesn't actually make the verification code request go away, just at to the lowest degree you lot don't take to wait for the code.

https://help.salesforce.com/apex/HTViewSolution?id=000232553

I want the code to be sent to my email and not my phone (or vice versa, or both)

Y'all tin can choose to receive verification codes on your phone or your email or on both. Every user that exists on Salesforce has 2 fields- email and mobile telephone. Now, the mobile phone field is not mandatory, then many users may non take it filled. When Salesforce wants to send a verification code, information technology checks whether you have a mobile number entered in your user record and sends it to that number. If there isn't a number, it will send the verification code to the email of the user (it's a mandatory field, so every user's got one). You lot tin can cull to go the code on both electronic mail and phone. Only check this permission on your contour- Email-Based Identity Confirmation .

https://assist.salesforce.com/HTViewSolution?id=000198756&language=en_US

I'm non getting the verification code !

Here, you demand to start cheque where you go the verification code. The best place to find out if the verification code was sent and where it was sent is from the Setup > Identity Verification History department.

Screen Shot 2016-03-28 at 1

https://aid.salesforce.com/noon/HTViewHelpDoc?id=security_verification_history.htm&language=en_US

If you were asked for a verification code, there volition be an entry hither side by side to your username. Check the "Method" column to see if information technology was sent equally a text message or an email. If it was sent as a text message, make sure that your telephone number is correct. Sometimes the format of the phone number would be wrong and the verification code doesn't really reach the telephone. The appropriate format for the phone number is something similar +44 1234567890. Re-annals your phone if this is the case. Yous tin can likewise have the phone number removed for the fourth dimension being to get the lawmaking on your email id.

If it'due south sent to your email, check the spam binder of your inbox or talk to your It squad to run across if they have any security policy blocking these emails.

What nigh Salesforce1 ?

Salesforce1 clears the cookies when a user logs out of the app. Logout is dissimilar from only minimizing the app in the background. Once a logout from the app happens, the cookies on the app are cleared and you lot will exist asked for a verification lawmaking on the side by side login. This happens on every logout/login. Talk to your Salesforce administrator nigh setting up the app and so that the Salesforce1 doesn't get logged out automatically.