Set password requirements

To keep your password policy when when we upgrade your users to Atlassian account, you must claim your domain.

If you want your Atlassian Cloud site to be as secure as possible (and, let's face it, who doesn't?), you can define password requirements to make sure everyone doesn't use 'password1'.

There are a few criteria you can set when deciding on password requirements for your site. You can set:

  • A required strength-level for passwords
  • How often people must reset their passwords
  • The number of times new unique passwords must be used before an old password can be re-used

On this page:

Atlassian Cloud uses an entropy score to evaluate the strength of people's passwords.

Change password settings

  1. Go to 
     >  User management
  2. Select Password policy.
  3. Use the options in the Password policy section to specify strength and reset criteria of passwords.

After making changes, you can optionally force all your users to update their passwords to meet the new strength criteria by using the Reset all passwords button.

If you change the password strength policy and want the changes to take effect when people next log in, you need to reset all users' passwords.

If anyone has chosen the Keep me logged in option on the site login screen, they'll be forced to update their password after their login period expires (every 30 days).  

Password strength examples

Password strength Example
Weak asdf
Fair ryti*
Good ry2iy*
Strong qwe&8d&d
Very strong DFG65&fj90

Tips for setting strong passwords

Need to give your users some tips on how to set strong passwords? Try these:

  • Avoid patterns. Consecutive letters (either alphabetical or on the keyboard) and numbers
  • Avoid replacing letters with similar numbers or symbols (example 3 for e or $ for s)
  • Avoid short passwords. Lots of unrelated english words are hard to guess, but a single word and a single number is very easy for an attacker to break.
  • Do use a password manager to generate long/random passwords
  • Do use lots of 'parts' to your password, which can make it hard to crack and easier to remember. Four unrelated english words is very strong (correcthorsebatterystaple), as is a combination of words and random numbers (tape934elephant%*)

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport