Two-factor authentication is a powerful and simple way to greatly enhance security for your Heroku account. It prevents an attacker from accessing your account using a stolen password. After a 4 month beta period, we are now happy to make two-factor authentication generally available.

Turning on two-factor authentication

You can enable and disable two-factor authentication for your Heroku account in the Manage Account section of Dashboard.

Before you turn it on, please read on here to understand the risks of account lock-out. You can also refer to the Dev Center docs for more details.

How two-factor authentication protects you

Without two-factor authentication, an attacker can gain...

One of our core beliefs at Heroku is that developers do their best work when the development process is as simple, elegant, and conducive to focus and flow as possible. We are grateful for how well many of our contributions to that cause have been received, and today we are making generally available a new set of features that have been inspired by those values.

Collectively, we call these new features Heroku DX—the next evolution in Heroku’s developer experience. Our goal with these new features—Heroku Button, Heroku Dashboard + Metrics and Heroku Postgres DbX—is to make it faster than ever for developers to build, launch and scale applications.


Heroku Button

Heroku is known for...

The Heroku Routing team does a lot of work with Erlang, both in terms of development and maintenance, to make sure the platform scales smoothly as it continues to grow.

Over time we've learned some hard-earned lessons about making systems that can scale with some amounts of reliability (or rather, we've definitely learned what doesn't work), and about what kind of operational work we may expect to have to do in anger.

This kind of knowledge usually remains embedded within the teams that develop it, and tends to die when individuals leave or change roles. When new members join the team, it gets transmitted informally, over incident simulations, code reviews, and other similar...

Celery is by far the most popular library in Python for distributing asynchronous work using a task queue. If you're building a Python web app, chances are you already use it to send email, perform API integrations, etc. Many people choose Redis as their message broker of choice because it's dead simple to set up: provision a Redis add-on, use its environment variable as your BROKER_URL, and you're done. But the simplicity of Redis comes at a cost. Redis does not currently support SSL, and it doesn't seem like that's going to change any time soon. Because Heroku add-ons communicate over the public web, that means the contents of Celery jobs are traveling unencrypted...

The key to any startup is focus -- focusing in multiple directions is really no focus at all. Following this premise we understand the decision by CloudBees to double down on their continuous integration offering of Jenkins, and to discontinue their platform as a service product. Continuous integration is already playing an important role in application development and deployment and will only continue to grow in the future. Many of us are fans of Jenkins, and in fact we have many Heroku customers today taking advantage of Jenkins and other CI services.

We’re also pleased to see CloudBees suggest that users migrate their PaaS services to providers like Heroku, and we’d like to welcome...

Browse the blog archives or subscribe to the full-text feed.