General Availability of Heroku MFA

Change effective on 05 April 2021

Starting April 5, 2021, Multi-factor Authentication (MFA) is available to all non-SSO Heroku customers.

MFA is an effective way to increase protection for your account against common threats like phishing attacks, credential stuffing, and account takeovers.

Heroku users who already had Two-factor Authentication enabled have been migrated to MFA (TOTP, Recovery Codes, and SMS verifiers were all migrated). Logged in users can enable MFA by visiting Account Settings, selecting “Setup Multi-Factor Authentication” and following the prompts.

Logging in to Heroku CLI after enabling MFA requires you to open a browser and login to Dashboard first. The –interactive option cannot be used due to technical dependency on web browsers for MFA verification.

More information about MFA can be found in Dev Center.