Require two factor authentication support for On Demand authentication

Archie Cobbs November 11, 2012

When will On Demand support two factor authentication? Simple login/password security on world-accessible web sites just doesn't cut it these days.

There is a non-proprietary, open standard for two-factor authentication. It's called RFC 4226. This is the same standard that Google uses for Gmail and that is implemented by the Google Authenticator smartphone app and others.

The algorithm, based on SHA-1, is easy to implement, and key management and distribution is easy as well.

Atlassian needs to get on the bandwagon before something really damaging and embarassing happens.

7 answers

1 accepted

0 votes
Answer accepted
Harry Chan
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 12, 2012

Hi, there is an open issue in Crowd for it. It will be implemented in Crowd. Please vote for it https://jira.atlassian.com/browse/CWD-677.

Otherwise, if you are looking for a hosted Atlassian solution outside of OnDemand with two factor authentication, we've done this before for customers using an Apache Module. If you are interested, contact us at sales@queryfoundry.com.

3 votes
Anton Storozhuk April 24, 2019

Hi @Archie Cobbs 

There's a Jira 2FA plugin available (works well with Google Authenticator) with U2F devices support 

https://marketplace.atlassian.com/apps/1220048/2fa-u2f-totp-secure-login-for-jira?hosting=server&tab=overview.

 

Please note that this app has Data Center edition.

1 vote
Ivan Novikov September 14, 2015

Ping. Can i use two factor auth for JIRA cloud?

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 14, 2015

Have a look at the link Harry posted in the original correct answer.

0 votes
Deleted user September 29, 2014

Forgot to add, I use Google Authenticator already for other projects. Be nice if I could use it here.

0 votes
Deleted user September 29, 2014

Desperately seeking 2-factor authentication. This could be a deal breaker if it really is NOT on the roadmap or available soon.

0 votes
John Dyer February 17, 2014

Any idea if this is ever going to happen ? I totally agree with Archie, it's crazy you guys don't support this

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 17, 2014

Follow up comments are probably better posted into Jira - once Atlassian have a specific issue for it, it won't get much attention on Answers (See and follow Henry's link to the request)

Tom November 10, 2015

I'm tired of waiting for Atlassian. I will provide an Atlassian managed cloud for you to get two-factor authentication and IP restrictions. If you are open to this idea, let me know here: http://smsworkflow.com/site/managed-cloud-interest/

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 11, 2012

Two factor is usually very poorly implemented, or just misunderstood. I'm hoping that if Atlassian do something like it, they do it properly. Quite difficult given that there aren't many good examples around.

Archie Cobbs November 11, 2012

It's not hard. Here's my example: http://code.google.com/p/mod-authn-otp/

Suggest an answer

Log in or Sign up to answer