Verify That User Credentials Are Secure When Users Access Sessions

You can now view the HTTP method used for the session login: POST, GET, or Unknown. Use this information to determine if a user is inadvertently exposing user credentials through a GET request. For example, if a user entered a username and password on the login page, the HTTP method for login is a secure POST request. However, if the user logged in by providing the username and password in the URL as a GET request, the credentials are exposed.

Where: This change applies to Lightning Experience and Salesforce Classic in Contact Manager, Developer, Enterprise, Group, Performance, Professional, and Unlimited editions.

How: View the HTTP login method on the Login History page.