Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

MFA is disabled but keeps asking for two-step verification on BitBucket

andrewaguirre
Drew October 15, 2020

MFA is disabled but keeps asking for two-step verification

BITMFA.png

Answer
Watch
Like Ashiqul Hoque likes this
2650 views

1 answer

1 accepted

1 vote
Answer accepted
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 19, 2020

Hi Andrew,

I see that you opened a support ticket for this and the issue has been resolved!

I just wanted to post the solution here for future reference, in case any other user with the same issue comes across your post: 

It is possible to have 2FA enabled for an Atlassian account (https://id.atlassian.com/) and also for a Bitbucket account (https://bitbucket.org/). If 2FA is enabled for both, you'll be asked for a 2FA code twice when attempting to log in to Bitbucket Cloud. If you want to disable 2FA, you'll need to disable it for both the Atlassian and the Bitbucket account.

In the screenshot above, there is a link "Forgot code?" which will allow you to request a 2FA recovery email in order to disable 2FA for the Bitbucket account.

Kind regards,
Theodora

View More Comments
Ashiqul Hoque
Ashiqul Hoque
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 7, 2021

I was going nuts over this! You finally solved my day. I was totally convinced that Atlassian 2FA and Bitbucket 2FA were the same thing, until I saw your answer. Thank you very much!!!

Like Theodora Boudale likes this
Scott Noring
Scott Noring
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
October 26, 2021

I don't understand.  When I go to the above links they are using the same login (Atlassian). I don't see a way to create two nor disable one.  I am having serious access issues suddenly (no changes on my end) having to do with MFA. Please clarify.

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 27, 2021

Hi @Scott Noring,

2FA for the Atlassian account can be enabled/disabled via this page: https://id.atlassian.com/manage-profile/security
2FA for the Bitbucket account can be enabled/disabled via this page: https://bitbucket.org/account/settings/two-step-verification/manage

When you attempt to log in to https://bitbucket.org, you will get redirected to https://id.atlassian.com for authentication, and after successful authentication back to Bitbucket.

We use Atlassian accounts (https://id.atlassian.com) for authentication to provide single login to users who use multiple Atlassian Cloud products. E.g. in order to access a certain Jira Cloud instance, authentication goes through https://id.atlassian.com. The Atlassian account is also used when logging in to community (https://community.atlassian.com/) or our issue tracker site (https://jira.atlassian.com/secure/Dashboard.jspa)

If you're having issues with 2FA, please create a new question with some more details on the issue and we can help you there.

Kind regards,
Theodora

Like
koitsu2018
koitsu2018
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 30, 2025

I appreciate this question (and answer), but this is kind of insane.  I really want Atlassian to think about this slowly and in full:

When you imposed people create Atlassian accounts (which would then be granted access / tied to Bitbucket), you created a situation exactly as you described above: literally dual 2FA: one TOTP key for id.atlassian.com (a new one), and a separate one for bitbucket.org (pre-existing).

Your "solution" is then to ask that users disable 2FA on their Bitbucket account.  Is this not insecure in some fashion?  How do we as users/developers know that literally every single access model to Bitbucket is forced to go through id.atlassian.com?

This is not the way you go about adopting / acquiring a service and merging logins/accounts.  And I suspect Atlassian engineers know that... but did it anyway.

You really should consider auditing all of your acquisition products that offer 2FA and consider sending Emails to account owners letting them know about this situation (re: dual 2FA), as I'm fairly certain most people are in the same boat as Scott and myself.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security