Secure your account with two-step verification

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Two-step verification protects your Atlassian account by requiring a second login step. That second step keeps your account secure, even if your password is compromised.

If your Atlassian account is managed, then your organization admin can require you to use two-step verification when you log in. Read more about enforced two-step verification.


Enable two-step verification

The second login step for two-step verification requires a 6-digit verification code that you get either from a verification app on your smartphone, or by text (SMS) message on any mobile phone.

Use a verification app on your smartphone

  1. Install an app such as Google AuthenticatorAuthy, or Duo on your phone. For download links to these apps, go to atlassian.com/2step on your phone.
  2. Now, log in to your Atlassian account at https://id.atlassian.com/ and click Two-step verification in the left panel.
  3. Enter your password in the 'Account password' field and click Set up two-step verification.
  4. Follow the instructions on your screen to finish setting up.


Use text (SMS) messages on any mobile phone

  1. Log in to your Atlassian account at https://id.atlassian.com/ and click Two-step verification in the left panel.
  2. Enter your password in the 'Account password' field and click Set up two-step verification.
  3. Choose Don't have a smartphone? then Enable using SMS.
  4. Enter your phone number and click Send SMS with code. We'll send you a text message with a 6-digit code.
  5. Enter the 6-digit code and click Connect phone.
  6. Follow the instructions on your screen to finish setting up.

Be sure to copy, print, or record your emergency recovery key and keep it in a secure place. A recovery key is essential to recovering your account if you lose access to your verification app.


You're all set up! The next time you log in to your Atlassian account, check either the verification app or the messages on your phone to find the 6-digit code for the second login step.

If you run into issues, check our troubleshooting section below.


Log in with two-step verification

Once you've enabled two-step verification, you'll need your phone to log in:

  1. Enter your email address and password as you do normally.
  2. Get a new 6-digit verification code. Do either of the following:
    • Open the verification app on your smartphone and retrieve the new 6-digit code.
    • Check your phone for a text message from Atlassian with the new 6-digit code.
  3. Enter the verification code.

If you run into issues, check our troubleshooting section below.


Disable two-step verification

If you disable two-step verification, your account no longer has the protection of a second login step.

  1. From the Two-step verification page, enter your Account password and click Unlock settings to get to your two-step verification settings. You won't see this option if you recently entered your password.
  2. Under 'Settings', click Disable two-step verification.
  3. From the confirmation dialog that appears, click Disable to stop using two-step verification.

After you disable two-step verification, you no longer have to log in with your verification app. You can re-enable two-step verification at any time.

Be aware that if your organization admin has required you to have two-step verification enabled, and you disable it on your account, you won't even be able to log in to enable it again. See enforced two-step verification for more information.


Recover your account

If you don't have your phone or can't access your verification app, you can log in to your Atlassian account using your emergency recovery key that you created previously.

Use your emergency recovery key instead of a verification code

If you don't have a verification code, you can use your recovery key.

  1. Enter your email address and password as you do normally.
  2. When the screen asks for a verification code, click Can't use your phone? instead.
  3. Enter your recovery key.
  4. You'll get a new recovery key, because you can only use a recovery key once. Copy, print, or record your new key.

If you can't find your recovery key you'll have to contact Atlassian Support to get back into your account. See our troubleshooting section below.


Create a new emergency recovery key

If you've lost your recovery key or have concerns that someone else has it, you can create a new key, but only if you're not already logged out.

  1. While logged in to https://id.atlassian.com/, go to the Two-step verification page.
  2. Enter your Account password and click Unlock settings to get to your two-step verification settings. You won't see this option if you recently entered your password.
  3. Click Create new emergency recovery key.
  4. Follow the instructions on your screen to create a new key.

Make sure to copy, print, or record your new recovery key, but treat it as securely as any other password. Note that the new recovery key replaces your old recovery key.

If you run into any issues with two-step verification, see our troubleshooting section below.

Enforced two-step verification

If your Atlassian account is managed, then your organization admin can require you to use two-step verification when you log in.

When that happens:

  • You'll get an email from your admin, telling you that two-step verification is required, and pointing you to the instructions for enabling it.
  • You'll need to enable two-step verification, as described in the Enable two-step verification section above.

Read more about enforced two-step verification.


API access tokens with two-step verification

If you enable two-step verification on an account that is used by scripts or services to access Atlassian Cloud REST APIs, then that account won't be able to use a password for basic authentication against a REST API. We recommend that you use an API token instead, although an organization admin could exclude the relevant account from two-step verification. Read more about API tokens.


Troubleshoot two-step verification

If you run into any issues with two step verification, these tips might help:

If your Atlassian account won't accept your verification code, but you know you're using the right code

  • Make sure you're not entering a space
    Some authentication apps display the verification code in two segments, for example: 111 000. However, you generally want to enter your code as a single string: 111000.
  • Make sure you're looking at the code for the correct account
    Many apps allow you to add several accounts and codes in the same app and some display in the same area. Verify you're looking at the correct verification app and the correct code for your Atlassian account.
  • Make sure your phone has the correct time
    Verification codes may not work if the time for your app and on your phone are inconsistent. If the time on your phone is incorrect, reset the clock and then try to access your account again.

If you've tried everything in this list, log in with your emergency recovery key. 

If you log in with Google or SAML single sign-on

You can't set up two-step verification. We recommend that you use Google's 2-Step Verification or your SAML single sign-on provider's equivalent.

If you can choose between logging in with Google and an Atlassian account password, then you can enable two-step verification. However, we'll only request a verification code when you log in with an Atlassian account password, not when logging in with Google.

If you replace your phone or want to start using a different verification app

Disable two-step verification, then enable two-step verification again on your new phone or verification app.

If your recovery key doesn't work or you've lost it

Make sure it's not an old recovery key. You may have already used that one previously and have your newest one saved elsewhere.

If you manage your Atlassian account yourself

If you manage your Atlassian account yourself, you can recover access to your account from the login screen as follows:

  1. Log in to your Atlassian account as usual.
  2. At the two-step verification step, choose Can't use your phone?
  3. At the Emergency Recovery Key step, choose Can't find your recovery key?
  4. At the Recover your account step, choose Send recovery email.

We'll send an initial confirmation email and then, sometime later, we'll send another email with a one-time login link to give you access to your account. This delay is needed for security reasons.

When you log in to your account using the login link, we'll direct you to your two-step verification settings page. To ensure that you can continue to use your account, you should do either of the following:

  • If you have a new device, disable two-step verification and set it up for your new device.
  • If you want to keep using your existing device, create a new emergency recovery key, and store it securely.
If your organization manages your Atlassian account

If your organization manages your Atlassian account, you'll need to contact your organization admin for assistance in recovering access to your account.

Last modified on Apr 26, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.