At Atlassian your security matters to us. Help us keep your account and information safe. We recommend following the steps below regularly.
Change the passwords for your online accounts (including your email accounts) and use a different password for each. Particularly if they use the same credentials you used for your Atlassian account.
Enable two-step verification for your account to require an extra step when you log in to your account. Learn how to set up two-step verification.
Use an API token for Jira and Confluence REST API basic authentication. Learn more about API tokens.
If you use Bitbucket:
Review your account's sessions history and audit logs in Bitbucket (once you log in) to ensure no one other than you has made changes.
Use an SSH key when performing Git operations. Learn more about SSH keys.
Whitelist your IP addresses so that users can only access your Bitbucket content from those IP addresses. You must be a Bitbucket team admin (or account owner) to whitelist IP addresses.
Use a password manager to help you generate and store strong passwords.
Stay secure when login details are stolen
We have security measures in place to detect whether your password is on a list of login details that have been stolen during another company’s breach.
When we detect that you’re using the same password for your Atlassian account to log in to the website of a company that’s been breached, we invalidate your password and require you to set a new one as a precautionary measure. This helps to keep your Atlassian account secure and prevent attackers from gaining unauthorized access.
If this happens, you’ll see an on-screen notification when you try to log in and we’ll send an email with more information. Follow the steps in the notification or email to set your new password.