The Atlassian software development solutions are well known and widely used by many agile software development teams. Tools like Jira, BitBucket, Bamboo, and Confluence are an integral part of the everyday projects development for now over 10 million active users worldwide.
The good news is that these users now have a more convenient and secure way to login to various Atlassian products. To provide them with better user experience, Alpha Serve has developed WebAuthn add-ons that allow for passwordless authentication.
What is WebAuthn and how it works?
WebAuthn is a browser-based security standard approved by the World Wide Web Consortium (W3C). It prevents sophisticated phishing attacks by relying on publicly available encryption. WebAuthn is also part of the FIDO2 – a framework of technologies which allow passwordless authentication between web browsers, servers and authenticators. Windows 10, Android and browsers such as Chrome, Edge, Safari and Firefox support this security standard.
The WebAuthn specification allows for servers to be inserted with the powerful authenticators that are built into different devices. A public-private key pair is created for a site rather than a password. The private key is safely stored on the device of the user while the public key is provided to the server for security purposes. This public key is then used by the server to verify the user’s ID.
Currently, the Alpha Serve add-ons allow passwordless authentication with WebAuthn for Jira, Bitbucket, Confluence and Bamboo. Instead of the conventional username-password combinations, the users may login with fingerprint or hardware security key. They can even connect multiple devices and biometric data to their accounts, allowing them to login more conveniently.
Going passwordlsess – what’s the benefit?
Passwordlsess authentication is not new, but until recently, this functionality was not available for Atlassian products. Now, after the implementation of Alpha Serve’s add-ons, users can enjoy the following:
- Be freed from the need to remember complex passwords.
- No need to track their multiple online accounts passwords.
- Save time for login as passwordlsess authentication eases the entire login processes.
- Enjoy better online account safety.
Cyber criminals face a major challenge to gain access to user accounts with passwordless authentication. And while account hacks can be done remotely with compromised credentials, a passwordless authentication systems requires the attacker to access to device physically and have biometrically complicated information which is much harder to aquire.
Given the fact that the projects and data hosted and saved in Atlassian solutions typically involve sensitive and proprietary information that is critical, it is not of a less importance to mention that a poorly protected account with a weak password can be an open gate for malicious actors. Sadly, not many users adopt strong passphrases and code combinations and a lot of them have difficulties to remember the complex sequences of digits, numbers and symbols. At the same time, it is enough for just one developer to use compromised login credentials on an Atlassian service to put at risk of data leakage the entire information on the system.
The WebAuthn passwordless authentication technology, however, is a reliable solution that enables the Atlassian users to concentrate on their tasks by logging in without losing time and focus, having better account protection and avoiding the hassle of password resets in case of a password being forgotten or mistaken several times.