Security of JIRA content is very important for many of our customers and securing the login action is the first step to ensure valid authentication to protect confidential information. Currently, JIRA offers only email/username password combination is available.
Two factors authentication can be adopted to add more security to JIRA login action.
Many solutions are available, like Gmail approach for two factor:
- SMS based, no new hardware needed
- Can authorize a browser for up to 30 days from a single two factors auth (e.g. only pw is needed for 30 days, and on day 31 you have to do the whole two factors dance)
Gmails approach is a nice combination of security and ease of use but others are available too.
There is 2 plugin offering this features