MFA for Heroku Accounts

Owned by Jonathan Rochkind
Last updated: Mar 08, 2022
1 min read

Heroku now requires a form of Multi-factor-authentication (MFA), generally with a “TOTP” authenticator app.

One free one that works well for me is Authy. One thing I like about it is it’s multi-device support (with phone and Desktop apps), so I can set it up on my laptop and phone (and personal laptop), so I don’t lose access to all my accounts if I lose my device, and it’s clear how to deal with changing phone, etc. To have multi-device sync work with Authy, you also need to turn on Authy Backups (with a master password). More on Authy multi-device sync.

Other free TOTP app options are Microsoft Authenticator (I think phone only, not sure about multi-device sync), and Google Authenticator (not sure). You want to make sure you understand how you will keep access to your TOTP-protected accounts if you lose or change devices! I honesty don’t totally understand the expectations for how this works generally, but I understand Authy multi-device setup.