What is the Salesforce Security Token?


If you’re working with Salesforce in any administrative capacity, it’s important that you familiarise yourself with the security token. It may also be helpful for users to understand what it is, especially when using the Outlook connector or similar tools as it’ll need updating each time the users password is changed.

What is the security token?

  • The security token is a 24 character, alphanumeric string which is automatically generated
  • Each security token is unique to a specific user and cannot be re-used
  • Security token’s are case sensitive
  • A users security token will change automatically when their password is updated
  • Security tokens can be manually re-set at any time at the users request

What does the security token do?

The security token is designed to increase the security between the end user and servers, reducing the chance of your account being hacked or accessed by an unauthorised user. It’s well documented that by increasing the length of a password it’s possible to vastly reduce the chances of success by a brute force attacker.

In addition to the above, the security token prevents unauthorised API access by someone who may have gained access to a users password (thus adding an additional layer of security). The concern is that if they have access to a users password they may use that to access their email account and the security token, which is why all users should be encouraged to keep their passwords private.

How do I use my security token?

To use your security token, all that’s required is that the unique token (or key) is added immediately after your password when logging in via the API. So when logging into the data loader, enter the username as normal and where the password is “password” and security token is “xYzXyZ” I would enter “passwordxYzXyZ” (it’s important that there are no spaces between your password and security token).

How to reset a security token

There are occasions where it is necessary to reset a security token. To do this, the user must login into their Salesforce account and enter the Personal Setup menu – from here expand “My Personal Information” > “Reset My Security Token”. Once on the reset page, simply press the “Reset Security Button” as shown below.

Reset Security Token

Once the button has been pressed, the token is reset immediately and you’ll receive an email to the account registered with this user containing the new security token. The subject of the email is “<strong> security token confirmation</strong>”.