Announcement: Bitbucket Cloud account password usage for Git over HTTPS and API ending March 1, 2022

@ckraft They are encrypted, but I don't see how that solves the problem? I still have to somehow carry my keys with me and transfer them to the machine I'm working on and they would still be scattered around on machines I may never touch again which isn't secure encrypted or not. If I know I'm not going to touch the machine again I can delete them, but it's just too much hassle that I don't have the time or energy to deal with.

I've already migrated my major projects to a different service with much more flexibility.

I agree that separating the account password from the repo password is a good idea, it's just not implemented in a way that's manageable. I don't use bitbucket as a secure store I use it as a convenience and it's no longer convenient.

Wastes my time, had trouble to check in my code and get Git working again - totally unnecessary in my mind!!!

Moreover the warning for migrating came a bit late in my mind.

Thank you for making it impossible to check in my work today, since I need to leave and don't feel like taking care of this right now!

@Jon Mckeever and @Marc Reig as is common practice with software feature releases, we often do staggered rollouts. So, in this case some users could potentially be able to use their account password for a couple of days after the official March 1, 2022 date. This appears to be the scenario both of you experienced. However, we very strongly advise you to switch to app passwords immediately as you could face unexpected disruption by the removal of your ability to authenticate with your account password for Git over HTTPS and API at any time after March 1, 2022. To avoid any disruption, I strongly advise you to migrate to app passwords ASAP.

I'm a very LOW-level user of GIT and bitbucket, and I've read all the comments in this chain but they may as well be in a language foreign to me.

I had been using the windows git from the command line and that HAD BEEN working with what I presume was my *account* password but trying to do a git pull from one of the repositories in my workgroup this morning, the following messages were returned:

Logon failed, use ctrl+c to cancel basic credential prompt.
Password for 'https://<myusername>@bitbucket.org':
remote: Bitbucket Cloud recently stopped supporting account passwords for Git authentication.
remote: See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231
remote: App passwords are recommended for most use cases and can be created in your Personal settings:
remote: https://bitbucket.org/account/settings/app-passwords/
fatal: Authentication failed for 'https://<myusername>@bitbucket.org/<workgroupname>/<repository_id>.git/'

I went to the link recommended to set an 'app password' and had NO IDEA what permissions I needed to set. Should I have just checked EVERY one of the permissions?

I guess what I'm asking is...is there an "Atlassian App Passwords for Dummies" posting out there somewhere?

Thanks in advance for whatever guidance anyone (David D.?) can provide.

Perhaps my query is very similar to the post by Renee Dubuc just above.

"JK"

@Clemens Wendt sorry for the disruption. For clarification, the email we provided Monday, February 28, 2022, was not the only notification of this change we sent to customers. We have been notifying customers on multiple channels starting in September 2021 via blog (in September 2021), multiple emails (starting in November last year), and, since mid-January, a terminal warning each time a user used their account password with the Git over HTTPS protocol. Furthermore, we believe the error messaging we put in place for those affected by the rollout of this change allows for a relatively quick, DIY resolution. 

For a Git push to Bitbucket Cloud to get your code checked in, it should be relatively quick to create an app password and use that in place of your account password to push your code to Bitbucket Cloud. However, for those using an account password for Basic authentication in CI/CD pipelines and similar automated DevOps and GitOps flows it could take a bit more time to migrate over to app passwords which is why we were proactive in notifying customers well ahead of time of this change. 

I'm sorry for the disruption this has caused you. Please let us know if you have any questions or issues once you have created an app password and tried using it in place of your account password to get your code pushed to your Bitbucket Cloud repository.

@_JK_ Kalenowsky we had already updated our community post a couple of days to include a link to the documentation detailing the differing privilege scopes for app passwords under the "Why are we making this change?" section. You can find that documentation here. Please note, this documentation is in our REST API documentation space, but these same privilege scopes are used for app passwords as well. 

@David Dansby I was aware of the change coming, I'm NOT 'complaining' about that. BUT now that the change HAS happened, I need some help!

WHAT boxes I should check when trying to create the App password? As I read all of the documentation that was pointed to in the announcements, I'm sure it was quite clear to the more savvy users of "your"/Atlassian's product/service. TO ME, a "LOW-LEVEL" user as I described myself as I opened my comment, it was all "foreign language" and Google Trnslate offered no help

My request was for an "Atlassian App Passwords for Dummies" (or something along those lines) that describe, in terms simple and clear enough to me, WHICH of the 47,000 permission boxes I should check in that App password creation web page for what I do (okay, so it's only 24 boxes, not 47,000). And "what happens next", once I create (hopefully successfully) that App password.

"JK"

I have been using an app password instead of an account password since long before this change. Today I tried to pull on IntelliJ and I was prompted for my password. I typed in my app password and I got this:

11:21 Git Pull failed
remote: Bitbucket Cloud recently stopped supporting account passwords for Git authentication.
remote: See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231
remote: App passwords are recommended for most use cases and can be created in your Personal settings:
remote: https://bitbucket.org/account/settings/app-passwords/
Authentication failed for 'https://bitbucket.org/xxxxxx/xxxxxxxx.git/'

Almost as if it thinks I'm trying to use an account password rather than an app one.

This change is garbage and w/ very little heads up. I've been spending hours trying to get this working in our current deployment script. I'm doing everything you say to do but it simply doesn't work.

@Chris Astles can you please provide me with more details so I can try and assist you.

When in IntelliJ are you trying Git pull from inside the terminal in IntelliJ? Are you sure you are using a new app password with the correct perm scopes? You created the app password in your Bitbucket Cloud account's Personal Settings, correct (i.e., here https://bitbucket.org/account/settings/app-passwords/)? If so, then you can look inside your app passwords in settings and see if/when it was used. 

@Chris Silvey sorry for the disruption. If you explain your issue I can try and assist you. Please let me know

For clarification, the email we provided Monday, February 28, 2022, was not the only notification of this change we sent to customers. We have been notifying customers on multiple channels in hopes they would take action prior to this change to avoid any potential disruption. This started in September 2021 via blog (in September 2021), multiple emails (starting in November last year), and, since mid-January, a terminal warning each time a user used their account password with the Git over HTTPS protocol.

@_JK_ Kalenowsky unfortunately, we don't have documentation that is as explicit as what you stated,  "Atlassian App Passwords for Dummies". I personally wish we did :(

However, let me try and help you quickly. If you are just using an app password for pushing and pulling from your local repositories on your computer to your Bitbucket Cloud account, then you should only require 

• Repositories: Read and Write (pro-tip: you can just click Write and it will also select Read)
• Snippets: Read and Write
  • If you don't use Snippets you will not need this, but I recommend this just in case you want to make a Snippet and push/pull from it in your Bitbucket Cloud account in the future.

Please let me know if this helps.

@David Dansby I did indeed make those changes and used the app password instead of the account password as instructed in the docs.

I was able to finally get it working after hours of trying to find out what was causing it. We use a repo called BuildSuite for Commerce Cloud which allows us to use grunt and npm run commands to deploy our Master repo to our website.

Inside of the BuildSuite repo, there was a folder called exports which contained our Master repo code. For whatever reason, after deleting what was inside of that folder the deployment started working again and I no longer received the "Warning: remote: Bitbucket Cloud recently stopped supporting account passwords for Git authentication." error.

Not sure exactly how that fixed the issue but it did, thanks!

@Chris Silvey that's odd, to say the least, but we're glad you got it resolved. Please let us know if you experience any other related issues.

Also, thank you for choosing Bitbucket Cloud to host your repositories.

Happy coding! 

I can't push my code to bitbucket? It says "Authentication failed"

I am badly stuck with your new feature, it's completely useless... Now how do I push my code???

You guys should have given a prompt in VS 2019 extension UI  or  correct error in output window. I wasted several hours trying  to figure out what's the problem. Better option would be to provide a prompt of these changes on Bitbucket's website where we have option to clone a repo. So that in case someone having problem and trying to see if can access repo and clone from web/

@shobhitpundir07 are you referencing VS Studio or VS Code extension?

@Musab Gulfam can you provide more details with your issue so that I can try and help you. Where are you seeing this "Authentication failed" error? In your terminal, while you try and push/pull/fetch from your Bitbucket Cloud repo or while trying to use the Bitbucket Cloud API, or somewhere else? 

HOURS trying to make sourcetree work. My repo is not public, I can clone but can't push. wtf?

@David DansbyI'm referring VS 2019 extension. Have update my prev comment as well.

Hi,

My bitbucket is login but once i will do cloning process that time Authentication failed  issue coming so i can't clone the project please help me

@DhanalakshmiM  If you are using VS2019 and using BitBukcet plugin to clone then instead of putting your BitBucket regular password generate a App Password https://bitbucket.org/account/settings/app-passwords/ and assign permission to this password and use it.

@shobhitpundir07 it appears you are using Visual Studio 2019 and using this Bitbucket extension, correct? That extension is community created (and appears to no longer be maintained). We had another person have a similar issue (please see https://community.atlassian.com/t5/Bitbucket-discussions/Can-not-log-in-to-Bitbucket-in-Visual-Studio/td-p/1961323#U1962001). 

Unfortunately, as we do not own this extension and the original creator appears to no longer maintain it, we are not responsible for its error messages and updates. I did make an issue in the GitHub repository for the extension explaining how this change may affect users that are using the extension in the hopes that they may see it. 

But yes, if you are using this extension and still using your account password then you will most likely get an error when authenticating with this Bitbucket extension for Visual Studio. You will need to update to an app password as you noted.

Lastly, I want to warn you of using that extension, because, as stated above, we do not own it and it appears to no longer be maintained. So, you run the risk of having other issues in the future by using it. 

Let me know if you have any other questions around this app password change.

Happy coding,

David

@urias are you using Sourcetree on Windows? If that is the case then there is an issue with the Git credential manager that Windows uses that causes issues when updating credentials in Sourcetree on Windows. Currently, it appears the only way to resolve this issue is to do a full reinstall. I detail the steps to resolve the issue in this Sourcetree community post, please visit it and walk through the suggest steps until you resolve your issue: https://community.atlassian.com/t5/Sourcetree-questions/App-password-SourceTree/qaq-p/1959470

And to clarify, this is not an app password issue but a Sourcetree issue specific to the Windows version. 

Let me know if this helps.