Issue #6859 open

Optional "extra security" mode (BB-8031)

Adrien Saladin
created an issue

Basically prompt the user to re-enter their password for destructive events, like deleting a repo.

Hi,

I logged a few days ago on bitbucket, on my computer, using openid. Today I was able to delete permanently a repository without proving my identity. Maybe you could add a password check in this case ?

Regards,

Comments (5)

  1. Zach Davis staff

    Hi Adrien,

    You must be logged in and have permissions to delete a repository. We've implemented additional password prompts before here at Atlassian, and the downside tends to far outweigh the upside. You can always log out of Bitbucket when you're done with your session.

    Cheers, Zach

  2. Adrien Saladin reporter

    I understand that password prompts can be somehow unpleasant. Maybe an enhanced security mode can be made as an opt-in option in the account preferences ?

    Cheers,

  3. Zach Davis staff

    Based on the conversation above, I changed the title and description of the issue. I'll reopen it and leave it here so other people can comment/upvote if they also want this. But know that this is not currently a high priority item for us.

  4. Log in to comment