As previously announced in the Bitbucket blog, beginning 1 March 2022, Bitbucket users will not be able to use their Atlassian account passwords for API and Git activity.
Additionally, we've recently announced that new users with Atlassian accounts created on or after 13 September 2021 will not be able to use their account passwords for these Bitbucket activities.
For API and Git operations, an app password with the necessary scopes can be used in place of your account password. Please see Bitbucket Cloud documentation for a detailed explanation of what app passwords are and how to create and use them.
It will no longer be possible to perform the OAuth 2 Resource Owner Password Credentials Grant flow, since this requires an Atlassian account password. App developers should use one of our supported OAuth 2.0 flows to obtain access tokens.
Bitbucket previously allowed a combination of their SSH key and password to retrieve a Two Step Verification (2SV) recovery token. This will no longer be supported. Users with 2SV enabled should visit their personal settings and securely save or write down their recovery tokens to avoid a 48 hour lockout in case of a lost or stolen 2SV device.
Rate this page: