We live in an age where data breaches are very . In the last three years have experienced massive – yet shows that most companies are still not fully security threats and haven’t taken necessary to overhaul their security measures. No matter how much focus is put on , it's the end user that is ultimately the weakest link and can be vulnerable to password hacks.

To avoid this, it’s more important than ever that you aren’t just securing your account with a password, but also taking measures like two-step verification to keep your private content on Bitbucket, well… . In addition to two-step verification, Bitbucket is taking security a step further for teams who store their source code in Bitbucket Cloud and desire additional security: team admins can require their teams to enable two-step verification and limit access to private code by IP address. Let’s take a deeper look at how admins can benefit from IP whitelisting and required 2-step verification.

Ensure secure access with required two-step verification

Two-step verification (also known as 2FA) ensures your data will continue to be protected even if someone else gets your password. This is great for those who have it enabled as an extra security mechanism, but how do you really know if your team is taking advantage of this extra security? Manually following up is always an option for a small team, but what happens when your team grows to 10, 20, or more than 100?

We’re launching required 2-step verification in Bitbucket for those account administrators who require their team to have two-step verification to access private code. When you enable this option for your team, users will need to have two-step verification enabled in order to interact (view, push, clone, etc.) with your account’s private content: repositories, team settings, issue trackers, wikis, and snippets. If a user doesn’t have two-step verification enabled at the time of access, they'll see instructions on how to enable two-step verification in the UI and continue.

IP whitelisting for your private

With IP whitelisting enabled, users will only be able to interact (view, push, clone, etc.) with your account’s private content if they are accessing Bitbucket from an IP address you have selected and know is safe. If a user tries to access any of your team’s repositories, issue trackers, wikis, snippets or team settings from an un-whitelisted IP, they’ll receive an error. This helps prevent unwanted third parties from accessing your account even if they have acquired a team member’s email address and password.

When digging into the use cases and needs of these teams, we found some common themes for how this feature would be used:

Security controls on devices – admins often want to make sure the desired security controls are in place on a user’s device before the user can even get network access to private content

VPN Server – lock down your VPN server for remote employees to access private content via authentication from their device

“For Limpid Logic customers, remote access and IP whitelisting are sometimes a legal requirement, especially for clients in highly regulated industries such as finance and healthcare. Our work often deals with sensitive intellectual property that requires limited geographic access to repos from a few specific IPs,” said Bachir El Khoury, Managing Director at Limpid Logic. “IP whitelisting is exactly what we need within our business and we’re thrilled to see this security feature in Bitbucket.”

IP whitelisting is a feature of Bitbucket’s Premium plan and can be found under the access controls section of your account settings.

Bitbucket’s Premium plan

Both of these features are available in Bitbucket's Premium plan, which also includes merge checks, smart mirroring, 3,500 build minutes for Bitbucket Pipelines and 10 GB/month of Git Large File Storage (LFS).

This plan specifically aims to improve the experience for administrators of teams with lots of users and repos, complex business requirements (as a result of industry standards, etc.) or both, which we've found become more prevalent as a team grows.

All features in this plan are in a free trial until pricing changes take effect, when the plan will be available for $6/user/month. For a complete breakdown of our pricing and what falls in each plan, check out our pricing comparison page.

Try required 2-step verification and IP whitelisting

If you're ready to enhance your security measures, sign up for a Bitbucket Cloud account. If you are already a Bitbucket customer, further documentation for IP Whitelisting and requiring two-step verification can be found here.
