Adafruit is currently requiring a verified account with two-factor authentication enabled in order to purchase certain high-demand products, such as Raspberry Pi 5 computers, due to a large number of bot-purchasers making it difficult for Makers and Engineers to order these products.

Please make sure you have a verified Adafruit account and enable two-factor authentication. Finally, you will need to sign out and back in to activate the account verification.

Why is Adafruit doing this? Why doesn't Adafruit allow these bots to buy up stock and set a market price that matches supply / demand?

Right now there's a serious silicon/chip shortage which is making it hard to keep some boards like the Raspberry Pi 5 stocked. There's also a lot of people who want to use RasPi's for their products and projects!

Since Adafruit is a member of the hacker/maker/engineering community, we want to make sure that folks who are learning and creating with electronics have a chance to pick up a Raspberry Pi.

We set a limit of '1 per customer checkout' but found that there were automated or semi-automated purchasers who would repeatedly order multiple boards for resale on auction sites. We think there are enough RasPi's for most people who want one, but they were having to compete with people who were not following the '1 per customer' rule and using automated tools to purchase large quantities before most folks had a chance to check out.

What does Raspberry Pi Foundation think about what Adafruit is doing?

They are really supportive of our efforts to get Pi's to the students, makers, and engineers!

In an interview with ZDNet, Eben Upton (co-founder of Raspberry Pi) said:

Any time a product is in short supply you're going to see bots trying to grab stock to resell at a margin: graphic cards are the classic recent example of this. This is parasitic behaviour, and it's great to see people like Adafruit taking measures to stop it

You can tell its really Eben because he spells behavior with a u ;)

How effective is this? This seems like it won't work and can be easily bypassed.

It's actually working out pretty well! In addition to 2FA & account verification requirements, we have added several updates to our checkout process to either outright prevent or significantly mitigate automated repeat purchases of high-demand products such as Raspberry Pi 5's.

Our support team has introduced additional human-lead reviews and audits of flagged orders containing these products.

1-per-customer limits, 2FA, and verified accounts are all part of a multi-pronged system that we use to make purchasing Pi 5's fairer.

Why is Adafruit gradually releasing stock? Why not release them all at once?

We currently have a very limited supply of Raspberry Pi 5s that we are gradually releasing in batches of ~100-300. We have chosen this approach for several reasons:

  1. To avoid additional strain on our staff  when reviewing and shipping these orders,
  2. To give customers multiple weekly opportunities to purchase a Raspberry Pi 5,
  3. To allow us to observe new & evolving bot behaviors and adjust our approach based on what we observe.

Why does it seem like Adafruit is releasing 1 or 2 units at a time sometimes?

Our support team returns items to stock when reviewing fraudulent or automated orders. This means individual units are automatically returned to stock and made available to purchase from time to time.

If I buy a 4Gb Pi 5 do I have to wait to buy a 8Gb Pi 5?
Yes, at this time it's 1 Pi 5 unit of any type. Once we have more supply, we will update what's allowed.

If I ordered a Pi of any kind, how long do I have to wait?
At this time, Raspberry Pi 5 Board purchases are limited to 1 per customer, total. However, we often have RasPi 4 and Zero in stock that folks can purchase and we are not limiting how often those can be bought

I signed up to be notified by email when Raspberry Pi 4 or 5s go back in stock. Why am I not being notified?

We send "back in stock notifications" in a first come, first served order and use the number of units of available stock as the limiting factor when deciding how many emails to send. For a popular product such as Raspberry Pi 4 or 5s, this means for every 300 units we put into stock we notify between 300 - 600 customers based on the order they signed up to be notified.

If you missed out on a notification - please sign up again, we do notify everyone and we do our best to notify a reasonable number of people!

Why is Adafruit requiring app-based 2FA and not allowing SMS?

SMS-based 2FA is relatively easy to spoof and difficult to support internationally. Using app or computer-based TOTP 2FA is free, available on every platform, and is reliable and secure.

I think you could totally fix this problem by doing XYZ... why dont you 'just' do what I came up with?

I bet you do! The developer and customer support team members at Adafruit have been discussing all sorts of techniques from SteamDeck-like reservations, to backorders, to passworded checkout (we did this with the x0xb0x, our first product!), to customized tokens in notification emails...

Like all engineering problems, there's trade-offs to each 'fix' - each one of the options above have implementation and usage downsides (even if they may not be obvious to casual observers) because of the way the Adafruit stock, checkout, support and shipping workflow happens.

Right now, the 2FA + verified email + human oversight technique is working out pretty well! We will adjust and refine the process as we continue to stock and sell Raspberry Pi's.

This guide was first published on May 21, 2019. It was last updated on Mar 08, 2024.

This page (Pi 2FA F.A.Q.) was last updated on Mar 08, 2024.

Text editor powered by tinymce.