Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Atlassian Cloud Password Policy

Matthew Wanders
Matthew Wanders Jun 21, 2018

We subscribe to the Atlassian Cloud services and have JIRA and Confluence.  Although we've verified our domains, we don't subscribe (pay for) Atlassian Access - so we have no way of managing the password policy for managed user accounts.  Fine.  WHAT is the password policy that's enforced by default with you DON'T have Atlassian Access?  Our auditors are asking and I can't find anything in the documentation to tell me.

Answer
Watch
Like Be the first to like this
2111 views

1 answer

1 accepted

1 vote
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jun 26, 2018 • edited Jul 16, 2019

Hi Matthew,

The standard password requirement is 8 to 100 characters. There are no constraints on character complexity.

You're completely correct that the documentation can't be found. I've opened a ticket internally and we're working on getting the documentation updated. Once the updated documentation is live, I'll post the link here.

Thanks,
Daniel

Update: the password requirements are now documented on our Password Policies article.

View More Comments
sanjeev puri
sanjeev puri Jul 11, 2019

I don't think it is 8 characters as someone from security did 4 characters and it was accepted?

Like
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jul 16, 2019

Hey Sanjeev, welcome to the Community!

I've just tested password lengths of 1-7 characters and they all fail. Here's some proof of this in action, the failure with 6, increasing to 7, and still having it fail:test_create.gif

 

If you are currently subscribed to Atlassian Access, it's possible for your organization administrator to set a password strength requirement lower than what we require for unmanaged accounts. For example, setting a 'weak' policy would allow a user to select a password like 'n98k'. The fix for this is simply to require stronger passwords in your policy configuration!

Cheers,
Daniel

Like
Lionel SAMUEL
Lionel SAMUEL Oct 29, 2019

Hello,

Thank you for your answer Daniel.

But in the password policy you say that you use entropy score.

If we choose very strong option what is the minimum score used ?

in the exemple you show a password with 11 of lenght and 4 of complexity.

What happen if we want to set the min lenght to 12?

Thanks 

Lionel 

Like
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 29, 2019

@Lionel SAMUEL we use the zxcvbn library to calculate the entropy. There's not so much a concept of length requirements for strength - instead it looks at the characters used (and subtracts common passwords plus some obvious no-no's like the username).

For lots of information about how zxcvbn calculates the score, check out this informative blog post. If the policy at your company sets a 12 character limit, I would recommend setting the complexity to "Strong" after reviewing how the score is calculated. As an alternative, you could use an Atlassian Access subscription to set up your accounts with SAML at another authentication provider (Okta, Azure AD, etc) where you may have more precise password policies available.

Cheers,
Daniel

Like Steffen Opel _Utoolity_ likes this
Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Account
TAGS
AUG Leaders

Atlassian Community Events

See all events