Two-factor authentication (2FA) adds an extra layer of security to your Heroku account by asking for a verification code after you sign in with your email address and password. The verification code is generated by an application on your smartphone. To gain access to your account a potential attacker would need your email address, your password, as well as your phone. Heroku recommends all users enable two-factor authentication for their accounts.
1. On the Dashboard account page, click “Enable Two-factor Authentication” and follow the on-screen instructions.
2. Download an authenticator app for your smartphone.
3. Scan the barcode shown on the Dashboard page with the downloaded authentication app.
4. To validate your device, enter the 6-digit code displayed on your smartphone.
5. Two-factor authentication is now enabled for your account.
For more information visit: https://devcenter.heroku.com/articles/two-factor-authentication