MFA - Password Managers and TOTP

Issue

Can I use TOTP codes generated by a password manager?

Resolution

As a best practice, use verification methods like a mobile app or a physical security key because they exist separately from a user’s laptop or workstation. This way, if a bad actor manages to gain access to a user’s computer, the user’s second factor isn’t also compromised. Many password managers allow users to generate time-based one-time passwords (TOTP) for MFA.

Use this capability only from password managers that are accessed from mobile devices, or if the password manager itself has MFA protection (for example, using biometric authentication).
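
The sketch below shows why the location of the TOTP secret matters. It is an added example, not Heroku's code: a standard RFC 6238 generator plus a server-side check, with the RFC's published test key as a constructed sample secret. The names `totp`, `verify` and `SAMPLE_SECRET` are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1.

    The only inputs are the shared secret and the clock. Nothing identifies
    the device, so any copy of the secret produces valid codes.
    """
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, now: int,
           window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept codes from adjacent time steps (clock drift)
    and compare in constant time."""
    return any(
        hmac.compare_digest(
            totp(secret_b32, now + drift * step, step, digits), submitted
        )
        for drift in range(-window, window + 1)
    )


# Constructed sample: the RFC 6238 SHA-1 test key, base32-encoded the way
# authenticator apps and password managers store it.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 59
    code_from_phone = totp(SAMPLE_SECRET, now)       # authenticator app
    code_from_vault = totp(SAMPLE_SECRET, now)       # password manager entry
    # Both copies of the secret yield the same code, and the server accepts
    # either one: it cannot tell which device generated it.
    print(code_from_phone, code_from_vault, verify(SAMPLE_SECRET, code_from_vault, now))
```

Because the verifier accepts any code derived from the secret, a password manager that stores the secret is only as separate from the workstation as its own unlock protection makes it.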
