Automatically enable?

[pvh]

If I've installed the 2fa plugin, doesn't that mean I want 2fa for my account? Perhaps it could enable automatically and save me a step. Perhaps you could set policy on the API side (org level?) that says "hey, this account should have 2FA" and automatically prompt me.

[pedro]

This is just a temporary solution to allow for internal use of 2fa without letting customers know; when we're ready to move on the plugin will be merged to Toolbelt, and we'll definitely have a web flow to enable/disable it. By that point I don't think it will make sense to keep 2fa:enable in the CLI as the flow works so much better on a browser.

/cc @jacobian as he's the product owner.

[brandur]

As seen in heroku/dashboard#1649, a rich UI for enabling 2FA is well underway, and it's very likely that after it's live we'll be merging this plugin into mainline Toolbelt (so it will never be explicitly installed). As such, I think it's reasonable that if a user really wants to enable 2FA from the CLI, they can run heroku 2fa:enable.

Closing this out.