Atlassian announced a key security upgrade for Bitbucket Cloud, transitioning from app passwords to API tokens as the primary authentication method. This change, aimed to be completed by June 9, 2026, promises stronger security, better admin controls, and more flexible token management.
- App passwords deprecated June 9, 2026
- API tokens offer improved security and admin flexibility
- Transition period started with phased rollout since 2021
What happened
Atlassian has initiated a planned phase-out of app passwords for Bitbucket Cloud, moving toward API tokens as a more secure authentication method. This shift is designed to provide users with improved security features, including customizable expiry options and finer-grained access controls for integrations and automation.
The transition has been underway since 2021, with new Bitbucket users barred from using basic authentication via Atlassian account passwords and encouraged to adopt app passwords before the API token rollout. A full deprecation of app passwords is scheduled for June 9, 2026, after which any remaining app password integrations will cease to function.
Why it matters
Moving from app passwords to API tokens enhances the overall security posture of Bitbucket Cloud, reducing risks associated with compromised credentials and offering admins greater control over authentication scopes and lifetimes. This upgrade helps organizations better protect critical source code repositories and their integration pipelines.
For teams relying on CI/CD tools, scripts, and other automated processes connecting to Bitbucket, adopting API tokens early in the transition ensures uninterrupted access and adherence to evolving security standards. The change reflects a broader industry trend emphasizing token-based authentication to safeguard developer workflows.
What to watch next
Users should begin migrating any workflows or tools that utilize Bitbucket app passwords to API tokens as soon as possible to avoid disruption after the June 2026 deadline. Atlassian provides detailed documentation and community support resources to facilitate a smooth transition.
Monitoring future announcements from Atlassian regarding API token enhancements and additional access controls will be important, as these features are expected to further refine security and usability for Bitbucket integrations. Organizations should also assess their identity and access management policies in response to this migration.