Two-step verification
Two-step verification protects your Atlassian account by requiring a second login step. That second step keeps your account secure, even if your password is compromised.
If your Atlassian account is managed, then your organization admin can require you to use two-step verification when you log in. Read more about enforced two-step verification.
Enable two-step verification
The second login step for two-step verification requires a 6-digit verification code that you get either from a verification app on your smartphone, or by text (SMS) message on any mobile phone.
Use a verification app on your smartphone
- Install an app such as Google Authenticator, Authy, or Duo on your phone. For download links to these apps, go to atlassian.com/2step on your phone.
- Now, log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and click Manage two-step verification.
- Enter your password in the 'Account password' field and click Set up two-step verification.
- Follow the instructions on your screen to finish setting up.
Use text (SMS) messages on any mobile phone
- Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and click Manage two-step verification.
- Enter your password in the Account password field and click Set up two-step verification.
- Choose Don't have a smartphone? then Enable using SMS.
- Enter your phone number and click Send SMS with code. We'll send you a text message with a 6-digit code.
- Enter the 6-digit code and click Connect phone.
- Follow the instructions on your screen to finish setting up.
Be sure to copy, print, or record your emergency recovery key and keep it in a secure place. A recovery key is essential to recovering your account if you lose access to your verification app.
You're all set up! The next time you log in to your Atlassian account, check either the verification app or the messages on your phone to find the 6-digit code for the second login step.
If you run into issues, check our issues with your account section.
Log in with two-step verification
Once you've enabled two-step verification, you'll need your phone to log in:
- Enter your email address and password as you do normally.
- Get a new 6-digit verification code. Do either of the following:
- Open the verification app on your smartphone and retrieve the new 6-digit code.
- Check your phone for a text message from Atlassian with the new 6-digit code.
- Enter the verification code.
If you run into issues, check our issues with your account section.
Disable two-step verification
If you disable two-step verification, your account no longer has the protection of a second login step.
- From the Two-step verification page, enter your Account password and click Unlock settings to get to your two-step verification settings. You won't see this option if you recently entered your password.
- Under 'Settings', click Disable two-step verification.
- From the confirmation dialog that appears, click Disable to stop using two-step verification.
After you disable two-step verification, you no longer have to log in with your verification app. You can re-enable two-step verification at any time.
Be aware that if your organization admin has required you to have two-step verification enabled, and you disable it on your account, you won't even be able to log in to enable it again. See enforced two-step verification for more information.
Recover your account
If you don't have your phone or can't access your verification app, you can log in to your Atlassian account using your emergency recovery key that you created previously.
Use your emergency recovery key instead of a verification code
If you don't have a verification code, you can use your recovery key.
- Enter your email address and password as you do normally.
- When the screen asks for a verification code, click Can't use your phone? instead.
- Enter your recovery key.
- You'll get a new recovery key, because you can only use a recovery key once. Copy, print, or record your new key.
If you've lost your recovery key, see our issues with your account section or contact Atlassian Support to get back into your account.
Create a new emergency recovery key
If you've lost your recovery key or have concerns that someone else has it, you can create a new key, but only if you're not already logged out.
- Log in to your Atlassian account at https://id.atlassian.com/manage-profile/security and click Manage two-step verification.
- Enter your Account password and click Unlock settings to get to your two-step verification settings. You won't see this option if you recently entered your password.
- Click Create new emergency recovery key.
- Follow the instructions on your screen to create a new key.
Make sure to copy, print, or record your new recovery key, but treat it as securely as any other password. Note that the new recovery key replaces your old recovery key.
If you run into any issues with two-step verification, check our issues with your account section.
Enforced two-step verification
If your Atlassian account is managed, then your organization admin can require you to use two-step verification when you log in.
When that happens:
- You'll get an email from your admin, telling you that two-step verification is required, and pointing you to the instructions for enabling it.
- You'll need to enable two-step verification, as described in the Enable two-step verification section above.
Read more about enforced two-step verification.
API access tokens with two-step verification
If you enable two-step verification on an account that is used by scripts or services to access Atlassian Cloud REST APIs, then that account won't be able to use a password for basic authentication against a REST API. We recommend that you use an API token instead, although an organization admin could exclude the relevant account from two-step verification. Read more about API tokens.