Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-7815

Two-factor authentication (2FA) for Bitbucket Server



    • 311
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.


      Atlassian status as of Mar 2022

      Hi everyone,

      Thanks everyone for voting and commenting on this suggestion. Your input in the comments helps us understand how this affects you and what you're hoping to accomplish with Bitbucket Data Center.

      We spend a significant amount of time determining our product investments in Bitbucket Data Center. Unfortunately, we are not planning to address this suggestion in the next 12 months.

      In the last year, we have resolved many of the highly voted suggestions like Reviewer groups, Pull request description templates, capability to enable/disable source branch deletion on merging pull requests and our upcoming roadmap includes a number of other top voted suggestions, including repository archiving. Please check out our public roadmap for more details on the coming soon and future items.

      In the meantime, Bitbucket Data Center supports single sign-on via external services that provide 2FA capabiltiy. Also, we suggest checking one of the 2FA apps in Atlassian Marketplace.

      I understand that this may be disappointing, but it’s important for us to be open, honest, and transparent with our customers. Product feedback is collected from many different sources and is evaluated when planning the product roadmap. You can learn more about our process here.


      Anton Genkin
      Product Manager - Bitbucket Data Center & Server

      Original suggestion


      2FA is a must nowadays. Please implement. I would suggest whatever Google Authenticator and Authy use (TOTP).

      Please let me know if you have further questions in terms of requirements. In a nutshell, I'd like to see:

      1. Ability for administrators to enable, disable or require 2FA for users
      2. This could be in the form of Google Authenticator-like time-based keys which the user can retrieve on their mobile/desktop device (or via SMS), or something simple like "security questions". Ideally configurable.
      3. This requirement should cover both UI and more importantly git operations through ssh.


        Issue Links



              Unassigned Unassigned
              f115c1b70f8c Christopher Hiller
              128 Vote for this issue
              100 Start watching this issue