Deprecating Atlassian account password for Bitbucket API and Git activity

September 03, 2021 2 min read
Denise Garcia
Denise Garcia

Starting Sep 13, 2021, new Bitbucket users will not be able to use their personal Atlassian account password when using Basic authentication with the Bitbucket API or Git over HTTPS. They will need to use Bitbucket app passwords.

Bitbucket users who created an Atlassian account before September 13, 2021 will be able to use their Atlassian account password to authenticate with the Bitbucket API or Git until March 1, 2022.

Bitbucket previously shared that starting March 1, 2022, users will not be able to use their Atlassian account password to authenticate with the Bitbucket API or Git over HTTPS. They will need to migrate to using app passwords.

In addition, starting September 13, 2021, new Bitbucket users will not be able to use their Atlassian account password to interact with the Bitbucket API or Git over HTTPS, and will need to use app passwords.

Bitbucket users who created an Atlassian account before September 13, 2021 will be able to use their Atlassian account password to authenticate with the Bitbucket API or Git until March 1, 2022.

How to create an app password

To create an app password:

  1. From your profile and settings avatar, select Personal settings.
  2. Select App passwords under Access management.
  3. Select Create app password.
  4. Give the app password a name related to the application that will use the password.
  5. Select the specific access and permissions you want to assign to this application password.
  6. Copy the generated password and either record or paste it into the application you want to give access. The password is only displayed this one time.

More details on app passwords (including usage and revocation) can be found in Bitbucket documentation.

Other functionality affected

OAuth 2.0 Resource Owner Password Credentials Grant flow

It will no longer be possible to perform the OAuth 2 Resource Owner Password Credentials Grant flow, since this requires an Atlassian account password. App developers should use one of our supported OAuth 2.0 flows to obtain access tokens.

Obtaining a Two Step Verification recovery token over SSH

Bitbucket previously allowed a combination of their SSH key and password to retrieve a Two Step Verification (2SV) recovery code. This will no longer be supported. Users with 2SV enabled should visit their personal settings and securely save or write down their recovery codes to avoid a 24 hour lockout in case of a lost or stolen 2SV device.

Deprecating Atlassian account password for Git and Bitbucket API activity

Starting Mar 1, 2022, Bitbucket users will no longer be able to use their Atlassian account password to interact with Bitbucket…
June 29, 2021 2 min read
Denise Garcia
Denise Garcia

Git Ransom Campaign Incident Report – Atlassian Bitbucket, GitHub, GitLab

Background and Summary of Event Today, Atlassian Bitbucket, GitHub, and GitLab are issuing a joint blog post, in a coordinated effort…
May 14, 2019 2 min read
Ethan Dodge
Ethan Dodge

SourceTree Mac client acquired by Atlassian

On the heels of our Git announcement, we are excited to announced that SourceTree, a powerful Mac DVCS client has joined forces with Atlassian. SourceTree…
October 06, 2011 2 min read
Justen Stepka, Product Manager
Justen Stepka, Product Manager