Optionally disable forgot password functionality

Issue #6655 wontfix
created an issue

There should be an option in account configuration to disable the forgot password (password reset) functionality.

In many applications, even a bank account app, for example, there is a limit to the damage that could be done by unauthorized account usage and in most cases the damage is fixable. One can recover from it.

Source code is often very different in that once somebody gets it, it can almost immediately be available to all the wrong people in the world and that can never be taken back or undone. For this reason I would like to see the ability to lock down access more.

For a source code repository with reset password functionality via email, there is an additional system that is required to be secure.... the email system and all paths the email may travel between the source control (sending) servers and the receiving email servers. This introduces so many more weak links such as all employees having access to email servers, domain security and all lines the email itself may travel, since the email itself is not encrypted.

Therefor, although bitbucket may be secure, anybody could gain access to the email systems, domain systems or network the email may travel through and simply click the forgot password button to get an email to reset the password, get the reset link, login and grab the source code.

For this reason, myself and others would like to see a feature to disable forgot password functionality. When this disable option is selected, clicking the forgot password link on login would ultimately result in nothing happening. I figure I am responsible enough to keep track of my password and accept all responsibility of it being lost, without ability to reset. Essentially on a lost password scenario my account is dead even. Worst case, I would have to create the account again. Since it's a git distributed VCS, the repository exists other places in active use outside bitbucket so it is not lost. I would rather accept this risk than accepting the risk that somebody could gain access to my email and get to the source code in my account.

Comments (2)

  1. Marcus Bertrand staff


    While we completely understand your concern, removing the forgot password link won't solve this issue unfortunately. If someone has that level of access within your network, they've likely already got access to code on your local machine. Keep in mind that with DVCS every copy of a repo is a complete copy of the repo.

    Also, if we removed that, there would be absolutely no way to regain access to an account if you've lost the password. Keep in mind that on Bitbucket, no account is 'owned' by any other user (Unlike say, a JIRA account). Essentially, you could end up in a situation where no one anywhere can access the code again.

    All that said, there are other options for enhanced security and we are considering them such as two factor authentication.

    Ultimately, if this is a very strong concern, I'd recommend not using a hosted service like Bitbucket. Instead, use Stash, our behind the firewall solution. This way you can control 100% who has what level of access from your own directory.

  2. Log in to comment