Security Keys

Last updated April 05, 2021

Security keys are small physical devices that are easy to use because there’s nothing to install and no codes to enter. This is a great option if you are unable to use a mobile device for logging in to Heroku.

Options for security keys include Yubikey or Google Titan Key.

Choosing a Security Key

Consider your technology environment, form factor preferences and cost when selecting a Security Key.

You will need a Security Key based on WebAuthn standard.

Security keys are available in USB-A, USB-C, Lightning and NFC form factors. A compatible web browser is required for using Security Keys. Latest versions of major browsers (Chrome, Safari, Firefox and Edge) support WebAuthn Security Keys on most recent versions of relevant operating systems.

Heroku has verified Security Key functionality in multiple environments. Be sure to consult vendor documentation for specific questions related to Security Key support in your environment to ensure compatibility.

As always, we strongly recommend configuring a secondary MFA verification method such as Recovery Codes to avoid problems accessing your Heroku account.

Registering a Security Key

For registering a Security Key as your MFA verification method, start at Account Settings and select Setup Multi-Factor Authentication (or Manage Multi-Factor Authentication if you have already enabled other verification methods).

Choose Add Security Key option on the next page and follow the prompts to complete registration. Your registration experience may vary based on the browser and the form factor of the key in use but generally involves these steps -

  • Click Register to add a Security Key
  • When prompted, ensure that the Security Key is inserted in the appropriate port or connected via NFC and activate it
  • Name your key and complete registration

Add Security Key

MFA Verification with a Security Key

  • After entering your email and password, you will be prompted to verify your login using your security key
  • Insert or connect the key and activate it (your specific experience may vary based on the browser and the form factor of the key) to complete login

Login with Security Key

Feedback

Log in to submit feedback.