Two-factor authentication is a powerful and simple way to greatly enhance security for your Heroku account. It prevents an attacker from accessing your account using a stolen password. After a 4 month beta period, we are now happy to make two-factor authentication generally available.
You can enable and disable two-factor authentication for your Heroku account in the Manage Account section of Dashboard.
Before you turn it on, please read on here to understand the risks of account lock-out. You can also refer to the Dev Center docs for more details.
Without two-factor authentication, an attacker can gain...Read more →