Strengthening security with two-step verification for Atlassian Data Center

In today's digital landscape, ensuring the security of your systems and data is more critical than ever. Cyber threats are continuously evolving, and attackers are becoming increasingly sophisticated. As system administrators, safeguarding the information and infrastructure you manage is paramount to maintaining trust and operational integrity.

To bolster security measures and protect against unauthorized access, Atlassian Data Center has introduced a new login page featuring two-step verification (also known as two-factor authentication) across all its products. This post will cover everything you need to know about this crucial new feature, as well as why implementing 2SV is a necessity.

How two-step verification works in Atlassian products?

Two-step verification adds an additional layer of security to the login process. Beyond the traditional username and password, 2SV requires a second form of verification - time-based one-time password (TOTP). It can be configured with any mobile or desktop authenticator app. This ensures that even if an attacker manages to acquire a user’s password, they cannot access the account without the second factor, significantly reducing the risk of unauthorized access.

It does not require an Internet connection, so you can use it also for air-gapped instances.

Every user has an option to set up 2SV from their profile settings. Additionally, instance administrators can enforce 2SV for high-risk authority users that have the privileges of user creation, like admins (for Confluence) and system admins (for other Data Center products). Once the enforcement is enabled, these users will be asked to set up two-step verification the next time they log in.

To learn more about 2SV in Atlassian Data Center, go to: Manage two-step verification for your Atlassian account | Atlassian Support | Atlassian Documentation.

Why enable two-step verification for Atlassian Data Center products?

Cyber threats are on the rise, with data breaches and unauthorized access incidents becoming alarmingly common. In many cases, these breaches can be traced back to compromised credentials. Passwords alone are no longer sufficient barriers against today’s persistent attackers who employ techniques like phishing, brute force attacks, and credential stuffing to gain access to sensitive systems.

For this reason, single factor authentication has been added to the Common Weakness Enumerations list: CWE - CWE-308: Use of Single-factor Authentication (4.16).

By implementing 2SV, system admins can dramatically reduce the likelihood of unauthorized access. This additional verification step acts as a barrier, ensuring that only authorized personnel can access critical systems and data.

Additionally, many industries have regulatory requirements mandating enhanced security protocols. By enabling 2SV, organizations can better comply with these regulations, thereby avoiding potential fines and building trust with clients and stakeholders who expect robust security measures.

To enhance the security of your Atlassian Data Center products and protect against cyber threats, enable two-step verification today. This proactive measure safeguards your data and shows your commitment to a secure environment. Don’t wait for a breach—implement 2SV now to fortify your systems against unauthorized access. For detailed instructions, visit: Manage two-step verification for your Atlassian account | Atlassian Support | Atlassian Documentation.