Changes in Salesforce Identity start with a Multi-Factor Authentication Assistant that helps you safeguard your Salesforce data. We also retired two-factor authentication terminology and moved to the industry standard term of multi-factor authentication. You can enhance your Salesforce org’s security with Mobile Device Tracking. Web applications can now enable Cross-Origin Resource Sharing (CORS) to access resources from certain Salesforce OAuth endpoints. Secure outbound SAML messages when Salesforce is the identity provider.