Tip: Easy Salesforce Logins

salesforce.pngWhen you’ve been using Salesforce for a while, you accumulate logins. You may have a login for your main instance, a login for your sandbox (a dupe of your instance without data that you can use to try new things) and maybe even logins for developer edition instances.

Here’s a tip for creating one-click Salesforce logins that I picked up a few years ago.

This is not secure. Only do this on a computer that you know will never be touched by human hands that aren’t your own. If you do this on a computer that someone else has access to, and they get into your Salesforce and do terrible things, please don’t come back here and blame me. You have been warned.

That’s said, let’s get to the tip.

In your browser or your favorite PRIVATE bookmarking service, create a bookmark that looks like this, replacing the red sections with your own information as explained below:

https://www.salesforce.com/login.jsp?pw=yourpassword&un=user%40domain.com

yourpassword = obviously, your password. Remember what I said about keeping this bookmark private?

user%40domain.com = your login username, replacing the @ with %40. Why %40? Not entirely sure.

Give the bookmark a unique name and there you go. When you’re ready to login, just click the bookmark and you’ll skip the front door. Create a separate bookmark for your sandbox, developer instance, etc. and save loads of time and hassle remembering which email you address you used this week for which setup.

Advertisements

3 thoughts on “Tip: Easy Salesforce Logins

  1. Great tip. In the past, I’ve implemented this for a few members of our executive team — who were constantly forgetting their passwords. It is “dangerous”, so your warnings to use it sparingly and only in tightly controlled circumstances is spot on.

    The %40 is the hex-format for the ascii control character code for the “@” symbol. There are certain characters that you can’t include in a URL address (like space, the “@” symbol, etc.). For these, you need to encode them in their hex format. For the desperately curious, more details here: http://www.csgnetwork.com/asciiset.html

    If you’re concerned about this method for security reasons, then I highly recommend RoboForm (http://www.roboform.com). The application is free for up to 10 different accounts. I fell in love with the mobile version of this, which lets me securely keep my passwords and logins to all my different Salesforce and Developer accounts on a USB drive. It’s definitely worth looking into.

    Great post, Judi!

  2. Thomas R. Hall says:

    JP Seabury beat me to it on the hex encoding. 🙂

    Something else to consider about using a “GET” URL (where you provide your username and password as part of the URL) is that it is a bit more of a security risk. Even if that link is only on your machine, once you click on it, the full link is available in the web server logs on Salesforce’s servers _in plain text_. So any sysadmin who has access to the web server logs would know your user ID and password. Just a word of caution. Using something like Roboform, KeePass, 1Password, etc. is a better way, if possible.

    Note that if you use a “POST” request, the data is not passed as part of the URL, and thus not in the web server logs.

Comments are closed.