You can never claim to have sufficient security. Hackers find new ways to exploit unseen and hidden loopholes to steal information. When it comes to storing code on public clouds such as BitBucket, there has always been a question mark over its security. Anybody who has the username and password can get access to valuable code.
Atlassian has taken the first steps towards tightening security around BitBucket, a Git code repository. It has introduced two-factor authentication and IP whitelisting for all its premium customers.
Two Factor Authentication
Two-factor authentication is a process where users have to provide two inputs to identify themselves.
I root for two-factor authentication as it provides a second layer of security to ensure that the source code does not fall into the wrong hands if the username and password are compromised. The BitBucket blog does not specify how exactly it plans to introduce two-factor authentication (through an electronic token, SMS or an app).
Configuration administrators have been given the option to turn on the second layer of security. Users are required to set up the two-step security on their own, following the instructions provided on BitBucket. Until they do, they will not have access to view, clone or push content.
Whitelisting IP Address
IP Whitelisting is a process of identifying the list of IP addresses that are allowed to interact
The other security control added is IP whitelisting. Configuration administrators are required to select a set of IP addresses or an IP address range that can access the code repository. Only users connecting from these IP addresses will be able to view, push or clone the content.
This is an excellent addition for companies that are sitting on the fence, unable to decide whether to host their code on premises or in the cloud. The whitelisting feature will ensure that only the right set of people have access to the code. If the whitelisted IP addresses are from the office alone, then employees will be forced to come into the office. No more working from home!
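The two controls described above can be modelled as one access decision: a request to view, clone or push is allowed only if the user has set up two-factor authentication and the source address is on the allowlist. This is an added sketch, not BitBucket's implementation; the function names, the reason strings and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy using documentation ranges, not real BitBucket settings.
ALLOWLIST = ["203.0.113.0/24", "198.51.100.7", "2001:db8:10::/48"]
GATED_ACTIONS = {"view", "clone", "push"}


def parse_allowlist(entries):
    """Turn single addresses and CIDR ranges into network objects.

    A bare address becomes a /32 (or /128) network. Entries with host bits
    set, such as 203.0.113.5/24, raise ValueError so that a typo cannot
    silently shift or widen the permitted range.
    """
    return [ipaddress.ip_network(e.strip(), strict=True) for e in entries]


def normalise(source_ip):
    """Parse the client address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(source_ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6Address has this
    return mapped if mapped is not None else addr


def is_allowed(action, source_ip, two_factor_enrolled, networks):
    """Return (allowed, reason) for one request under both controls."""
    if action not in GATED_ACTIONS:
        return False, "unknown action"
    if not two_factor_enrolled:
        return False, "two-factor authentication not set up"
    try:
        addr = normalise(source_ip)
    except ValueError:
        return False, "unparseable source address"
    # `in` is False when address and network differ in IP version.
    if not any(addr in net for net in networks):
        return False, "source address not on allowlist"
    return True, "ok"


if __name__ == "__main__":
    nets = parse_allowlist(ALLOWLIST)
    for ip, enrolled in [("203.0.113.9", True), ("203.0.113.9", False),
                         ("192.0.2.1", True), ("::ffff:198.51.100.7", True)]:
        print(ip, enrolled, is_allowed("clone", ip, enrolled, nets))
```

Unwrapping IPv4-mapped addresses matters when the service listens on a dual-stack socket: an office client at 198.51.100.7 can arrive as ::ffff:198.51.100.7 and would otherwise fail the check.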