Today, we’re excited to announce public beta of two-factor authentication for Heroku accounts. With two-factor auth enabled, an authentication code is required whenever you log in. The code is delivered using an app on your smartphone, and access to your phone becomes a required factor (in addition to your password) to access Heroku. An attacker that has somehow discovered your password will not be able to log in using just your password.
The easiest way to enable two-factor auth is using Dashboard. Go to your account page, click the “Enable two-factor authentication” button and follow the on-screen instructions.
Download an authenticator app for your...Read more →