Last updated Sep 7, 2021

Rate this page:

Deprecation notice - Atlassian account passwords for API and Git activity will be disabled 1 March 2022

As previously announced in the Bitbucket blog, beginning 1 March 2022, Bitbucket users will not be able to use their Atlassian account passwords for API and Git activity.

Additionally, we've recently announced that new users with Atlassian accounts created on or after 13 September 2021 will not be able to use their account passwords for these Bitbucket activities.

For API and Git operations, an app password with the necessary scopes can be used in place of your account password. Please see Bitbucket Cloud documentation for a detailed explanation of what app passwords are and how to create and use them.

Other functionality affected

OAuth 2.0 Resource Owner Password Credentials Grant flow

It will no longer be possible to perform the OAuth 2 Resource Owner Password Credentials Grant flow, since this requires an Atlassian account password. App developers should use one of our supported OAuth 2.0 flows to obtain access tokens.

Obtaining a Two Step Verification recovery token over SSH

Bitbucket previously allowed a combination of their SSH key and password to retrieve a Two Step Verification (2SV) recovery token. This will no longer be supported. Users with 2SV enabled should visit their personal settings and securely save or write down their recovery tokens to avoid a 48 hour lockout in case of a lost or stolen 2SV device.

Rate this page: