Is there a way to set App password complexity and expiry requirements

Luke Franzelas March 23, 2021

My environment requires the frequent change of passwords and keys.  This includes bit bucket app passwords.  Is there a way to force a user to change their password after a specified time period and force that password to meet password requirements. 

I've done a few searches and keep coming up with this but it doesn't seem to indicate whether or not this impacts app passwords:
https://support.atlassian.com/security-and-access-policies/docs/manage-your-password-policy/

1 answer

1 vote
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 24, 2021

Hi Luke,

The documentation you linked is applicable for Atlassian account (the ones for https://id.atlassian.com/, which are used for authentication to our Cloud products) passwords only and it doesn't impact Bitbucket app passwords.

I'm afraid that it is not possible to set and enforce an expiry date for app passwords. We have a feature request about this in our issue tracker:

I would suggest that you add your vote in that feature request (by selecting the Vote for this issue link) as the number of votes helps the development team and product managers better understand the demand for new features. You are more than welcome to leave any feedback, and you can also add yourself as a watcher (by selecting the Start watching this issue link) if you'd like to get notified via email on updates.

Implementation of new features is done as per our policy here and any updates will be posted in the feature request.

There is no option to set app password complexity either, however app passwords are not set by the user (like passwords), they are generated by Bitbucket and are quite complex. What kind of complexity requirements would you like to be able to set? Would it be minimum length of app-password? A requirement to include e.g. special characters? I could open a feature request for this if you'd like (please feel free to let me know), but it would be useful to know what kind of complexity requirements you're interested in.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events