1. Bitbucket Website
  2. Public Issue Tracker
  3. master

Issues

Issue #6859 closed

Optional "extra security" mode (BB-8031)

Adrien Saladin
created an issue

Basically prompt the user to re-enter their password for destructive events, like deleting a repo.

Hi,

I logged a few days ago on bitbucket, on my computer, using openid. Today I was able to delete permanently a repository without proving my identity. Maybe you could add a password check in this case ?

Regards,

Comments (6)

  1. Zachary Davis [Atlassian] staff

    Hi Adrien,

    You must be logged in and have permissions to delete a repository. We've implemented additional password prompts before here at Atlassian, and the downside tends to far outweigh the upside. You can always log out of Bitbucket when you're done with your session.

    Cheers, Zach

  2. Adrien Saladin reporter

    I understand that password prompts can be somehow unpleasant. Maybe an enhanced security mode can be made as an opt-in option in the account preferences ?

    Cheers,

  3. Log in to comment