Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects.
Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools.
Considering how popular agile has become, it’s no wonder Atlassian now serves 83 percent of Fortune 500 companies and has over 10 million active users worldwide.
To help create a better experience for these users, Alpha Serve has developed WebAuthn add-ons to bring passwordless authentication to various Atlassian products. Having a more convenient and secure way to login to their Atlassian instances should be a welcome development for development teams.
How WebAuthn Works
WebAuthn is a browser-based security standard recommended by World Wide Web Consortium (W3C) that allows web apps to simplify and safeguard user authentication by utilizing registered devices as factors.
It relies on public-key cryptography to prevent sophisticated phishing attacks. WebAuthn is part of the FIDO2 framework – various technologies that permit passwordless authentication among web browsers, servers, and authenticators.
This security standard is supported by Windows 10 and Android platforms and browsers such as Chrome, Edge, Safari, and Firefox.
The WebAuthn specification makes it possible for servers to integrate with the powerful authenticators built into various devices. Instead of a password, a private-public key pair is generated for a site. The private key is stored safely on the user’s gadget while a public key and spontaneously created credential identification are submitted to the server for safe-keeping. The server then utilizes that public key to verify the user’s ID.
Alpha Serve’s add-ons currently enable passwordless authentication for Jira, Bamboo, Bitbucket, and Confluence with:
Hardware security key and fingerprint can allow users to login instead of conventional username and password combinations. Users can even associate multiple devices and biometric data to their accounts, giving them more flexibility to login to their accounts.
Benefits of Going Passwordless
Though passwordless authentication is not entirely new, it’s not available by default for Atlassian products, and there was no way to enable it until recently. By implementing Alpha Serve’s add-ons, users can enjoy the following benefits:
Hassle-free. Users are spared from having to come up with and remember complex passwords or passphrases. Users also do not need to keep track of their many passwords for their different online accounts. Ultimately, it makes the login process fast and straightforward.
Efficiency. Passwordless authentication also trims down the time needed for users to key in lengthy and complex passwords. This allows them to quickly focus on their tasks. Besides, 30 to 50 percent of IT service desk calls are requests for password resets. By eliminating passwords, IT teams can free up their time for more meaningful work.
Better security. With passwordless authentication, cybercriminals face a more significant challenge gaining access to users’ authentication. Hacks using compromised credentials can be performed remotely. Hacking passwordless systems require attackers to have physical access to devices and have biometric information, which is challenging to do.
Why It Matters
Projects and data hosted and stored in Atlassian solutions typically are mission-critical and involve sensitive and proprietary information. Bitbucket repositories, for instance, contain the evolving source codes of projects. Jira and Confluence data also involve sensitive and confidential exchanges among staff members.
As such, it’s crucial to improve the security of these services. Passwords can be the weak link to most cyber defenses. Despite calls for users to adopt strong passwords, many are still likely to use weak and easy-to-remember passwords. Some even use the same weak passwords that they use with their personal apps and services.
Unfortunately, hackers are now in possession of credential dumps – username and password combinations stolen from past hacks, which they now use to breach other systems. Just one developer who reuses previously compromised credentials on an Atlassian service puts the entire system at risk of a data breach.
Not only are breaches costly to resolve, but such cyberattacks can be devastating for software projects. Proprietary code can be stolen and leaked, rendering the entire product useless.
As cyberattacks become more sophisticated by the day, software development teams are at a heightened risk of damage and loss.
WebAuthn passwordless authentication is a more dependable solution for safeguarding confidential information. Fortunately for Atlassian users, they can now implement WebAuthn quickly through these new add-ons.