
Bitbucket Introduces Required Two-Factor Authentication and IP Whitelisting

by Sergio De Simone on Feb 28, 2017. Estimated reading time: 1 minute

Atlassian has announced two new features aimed at making Bitbucket more secure: IP whitelisting and required two-factor verification.

IP whitelisting will allow organizations to restrict the IP addresses from which a user can view, push, or clone a Bitbucket repository. According to Atlassian, Bitbucket is the first of the leading Git repository management tools to use IP whitelisting to ensure that data is safe even if an account’s password is compromised. Specifically, Atlassian believes that IP whitelisting will make it possible for customers who have preferred on-premises version control systems, in order to have more control over user access, to safely migrate their data to the cloud. In particular, Atlassian hopes IP whitelisting will allow organizations more sensitive to privacy issues, such as those in the financial or health care industries, to enforce advanced security policies, including:

  • Making sure only devices with sufficient security controls are allowed to access the data
  • Effectively preventing users from working from home when such a policy is required

Two-factor authentication was introduced in Bitbucket in 2015 as an optional feature that can leverage either a mobile device to handle the second confirmation or a security key device such as the YubiKey. While two-factor authentication can drastically limit the occurrences of identity theft, its being optional reduces its effectiveness. Now account administrators can make two-factor authentication mandatory for whole teams. If a user tries to access their account without having enabled two-factor authentication, they will be denied access and shown instructions on how to enable it.

In conversation with InfoQ, Bitbucket Product Leader Rahul Chhabria explained the importance for Bitbucket of providing enterprise-grade security features:

"Hosting code in the cloud is the standard with many small businesses and catching fire with larger teams. As more professional teams embrace Git and the cloud, they will require advanced security and compliance features to ensure that their private code doesn't get into the wrong hands."

Chhabria also highlighted a number of security features that were added to bitbucket.io in the last year, including 2FA, U2F, support for ECDSA and ed25519 user keys for SSH, and others.

Both IP whitelisting and mandatory two-step authentication are only available with Bitbucket’s Premium plan, which will cost $5/user/month. Two-step authentication remains available, though, as a free feature to all users who want to enable it.
