• Documentation

Manage two-step verification for your Atlassian account

Two-step verification protects your Atlassian account by requiring your password, and then an additional login step. The additional step keeps your account secure, even if your password is compromised.

If your organization manages your Atlassian account, they can require you to use two-step verification when you log in. Read about enforced two-step verification

If you're an organization admin and you're looking for guidance on enforcing or removing two-step verification, visit our admin-friendly page for info: Enforce two-step verification

Enable two-step verification

As a logged-in user, you’re already completed one-step verification by providing your password. You can enable two-step verification at any time. When you enable it, you will be prompted to set up your additional verification step. The additional login step might be:

  • a verification code that you get from an authenticator app

  • a text (SMS) message

  • a security key, such as a Yubikey

When you enable two-step verification, we keep you logged in on your current device but we may log you out of your other devices. To access your other devices, you need to enter your password and complete the second verification step.

To enable two-step verification:

  1. Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and select Manage two-step verification.

  2. Enter your password in the Atlassian account password field and select the Set up button.

  3. Select a verification method, and follow the prompts to complete your configuration. If you need detailed steps, see the sections below for each type of two-step verification method.

Be sure to copy, print, or record your emergency recovery key and keep it in a secure place. A recovery key is essential to recovering your account if you lose access to your authenticator app.

Enable your preferred methods

You can enable one or more verification method after you’ve enabled two-step verification. Having more than one verification methods set up can be useful if you can’t use your preferred method to log in.

Access two-step verification settings

  1. Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and select Manage two-step verification.

  2. If required, enter your password in the Atlassian account password field and select the Unlock settings button.

  3. Choose from the following methods.

Method 1: Use a security key

  1. Select Enable security key.

  2. Enter a name for the key.

  3. Select Register key.

  4. Follow the instructions on your screen to finish the setup setting up.

Method 2: Use an authentication app

Before you start, make sure you’ve installed an authenticator app on your device or desktop. We support most authenticator apps – some of the more common ones are Google AuthenticatorAuthy, or Duo.

  1. Select Enable authenticator app.

  2. Follow the instructions on your screen to finish setting up.

Method 3: Use text (SMS) messages

This method is only available if you’re setting up your first two-step verification method. Other methods offer better security, so use this method only if no other option is available.

  1. Select Limited security option, then Get started with SMS.

  2. Enter your phone number and select Send SMS with code. We'll send you a text message with a code.

  3. Enter the code and select Connect phone.

  4. Follow the instructions on your screen to finish setting up.

You're all set up! The next time you log in to your Atlassian account, use your security key or check either the authentication app or the messages on your phone to find the code for the second login step.

If you run into issues, see Login issues related to two-step verification.

Log in with two-step verification

Once you've enabled two-step verification, you'll need your security key or phone to log in.

Log in with security key

  1. Enter your email address and password

  2. Click on Log in to initiate the security key login

  3. Use any of your registered security keys

Log in with authenticator app or text messages

  1. Enter your email address and password.

  2. Get a new verification code. Do either of the following:

    • Open the authentication app on your smartphone and retrieve the new code.

    • Check your phone for a text message from Atlassian with the new code.

  3. Enter the verification code.

Manage two-step verification

Manage your security keys

You can add multiple security keys, delete keys and rename keys.

  1. Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and select Manage two-step verification.

  2. If required, enter your password in the Atlassian account password field and select the Unlock settings button.

  3. Choose from the following actions:

    • To add a new key, select the Register new key button.

    • To delete a key, select the Delete button for the corresponding key.

    • To rename a key, select the name of the key and then type a new name.Disable two-step verification

Disable a verification method

If you no longer need a two-step verification method, you can turn it off, as long as you’ve already enabled at least one other method.

  1. Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and select Manage two-step verification.

  2. If required, enter your password in the Atlassian account password field and select the Unlock settings button.

  3. Navigate to the verification method you wish to disable.

  4. Select More actions (•••) for that verification method, then select Disable.

Disable two-step verification

If you disable two-step verification, your account no longer has the protection of a second login step.

  1. Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and select Manage two-step verification.

  2. If required, enter your password in the Atlassian account password field and select the Unlock settings button.

  3. Under Settings, select Disable two-step verification.

  4. From the confirmation dialog that appears, select Disable to stop using two-step verification.

After you disable two-step verification, you no longer have to log in with your security key, SMS code, or authentication app. You can re-enable two-step verification at any time.

Be aware that if your organization requires you to have two-step verification enabled, and you disable it on your account, you won't be able to log in to enable it again.

Recover your account

If you don't have your security key, phone or can't access your authenticator app, you can log in to your Atlassian account using your emergency recovery key that you created previously. You'll get a new recovery key because you can only use a recovery key once. Remember to copy, print, or record your new recovery key.

Use your emergency recovery key instead of a verification code

If you don't have a verification code, you can use your recovery key.

  1. Enter your email address and password as you do normally.

  2. When the screen asks for a verification code, select Use recovery key.

  3. Enter your recovery key.

  4. You'll get a new recovery key, because you can only use a recovery key once. 

  5. Copy, print, or record your new key.

If you've lost your recovery key, see Login issues related to two-step verification or contact Atlassian support to get back into your account.

Create a new emergency recovery key

If you've lost your recovery key or have concerns that someone else has it, you can create a new key, but only if you're not already logged out.

  1. Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and select Manage two-step verification.

  2. If required, enter your password in the Atlassian account password field and select the Unlock settings button.

  3. Select Create new emergency recovery key.

  4. Follow the instructions on your screen to create a new key.

Make sure to copy, print, or record your new recovery key, but treat it as securely as any other password. Note that the new recovery key replaces your old recovery key.

If you run into issues with two-step verification, see Login issues related to two-step verification.

Enforced two-step verification

If your organization manages your Atlassian account, they can require you to use two-step verification when you log in. (Organization admins, see .)

When that happens:

  • You'll get an email from your admin, telling you that two-step verification is required, and pointing you to the instructions for enabling it.

  • You'll need to enable two-step verification, as described in the Enable two-step verification section.

API access tokens with two-step verification

If you enable two-step verification on an account that is used by scripts or services to access Atlassian Cloud REST APIs, then that account won't be able to use a password for basic authentication against a REST API. We recommend that you use an API token instead, although an organization admin could exclude the relevant account from two-step verification. Read more about API tokens.

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageEnable two-step verificationEnable your preferred methodsAccess two-step verification settingsMethod 1: Use a security keyMethod 2: Use an authentication appMethod 3: Use text (SMS) messagesLog in with two-step verificationLog in with security keyLog in with authenticator app or text messagesManage two-step verificationManage your security keysDisable a verification methodDisable two-step verificationRecover your accountUse your emergency recovery key instead of a verification codeCreate a new emergency recovery keyEnforced two-step verificationAPI access tokens with two-step verification
CommunityQuestions, discussions, and articles