You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
You may have recently received an email communication or read our blog post announcing that beginning March 1, 2022, Bitbucket Cloud users will no longer be able to use their account passwords when using Basic authentication for Git over HTTPS and the Bitbucket Cloud REST API.
So, we wanted to take the time to inform the Bitbucket Cloud community of further details regarding this change and provide a FAQ (Navigate to the bottom of this post to jump directly to the FAQ section).
From Git remote URL using email address:
To Git remote URL using Bitbucket Cloud username:
The removal of account password usage for Basic authentication when using Git over HTTPS and/or the Bitbucket Cloud REST API is due to Bitbucket Cloud's ongoing effort to align with internal infrastructure and improve Atlassian account security. App passwords are substitute passwords for a user's account and are designed to be used for a single purpose with limited permissions.
By replacing the usage of account passwords with app passwords for Git over HTTPS and/or the Bitbucket Cloud REST API, we are able to improve account security given the fact that app passwords are single-use, have limited permissions, and can be easily and quickly revoked.
You can find more details about the various privilege scopes for app passwords in our documentation.
Beginning March 1, 2022, you will no longer be able to use your account password when using Basic authentication with Git over HTTPS and/or the Bitbucket Cloud REST API.
Furthermore, it will no longer be possible to perform the OAuth 2.0 Resource Owner Password Credentials Grant (4.3) flow. Bitbucket Cloud still supports the remaining three OAuth 2.0 (RFC-6749) grant flows, plus a custom Bitbucket flow for exchanging JWT tokens for access tokens. More details about accepted OAuth 2.0 flows can be found in our Bitbucket Cloud documentation.
If you have saved your credentials (i.e., username and account password) in a credential manager such as Git Credential Manager (GCM), Windows Credential Manager, OS X Keychain, or some other third-party application, then you will need to update them with an app password before March 1, 2022, in order to continue using Basic authentication with the Bitbucket API and/or Git over HTTPS without disruption.
Two-Step Verification (2SV) recovery code retrieval
Bitbucket previously allowed using a combination of the SSH key and password to retrieve a two-step verification (2SV) recovery code. This will no longer be supported beginning March 1, 2022. Users with 2SV enabled should visit their personal settings and securely save or write down their recovery codes to avoid a 24-hour lockout in case of a lost or stolen 2SV device.
If you are using an app password or SSH Key for authentication from a 3rd-party application such as Jenkins to connect to Bitbucket Cloud, you do not need to make any changes. However, if you are using your account password for Basic authentication to connect to Bitbucket Cloud, then you will need to update it to use an app password instead.
Jira Cloud integration with Bitbucket Cloud will not be impacted by this change.
This will no longer be supported beginning March 1, 2022. If you do not have access to your 2SV recovery codes and do not have access to your 2SV device, then you will have to request a 2SV email recovery by following these steps:
To help avoid any further disruptions, remember that this will create a 24-hour delay in getting access to your account.
This change should not impact integrations with 3rd-party applications using OAuth 2.0.
There is no functionality within Bitbucket Cloud to allow workspace admins to identify what authentication method each member of the workspace is using for Git transactions.
There will be no impact on SSH-based connections.
If you are using the HTTPS protocol for Git operations, and it was configured using your Atlassian account password for Basic authentication to connect to Bitbucket Cloud, then you will need to update your configuration to use either an app password. You can also switch to the SSH protocol by generating and uploading your SSH public key to your Bitbucket Cloud profile.
This functionality should not be impacted. However, Google Cloud could request that you re-authenticate yourself at any time.
The Bitbucket Cloud team