I just signed in to a Jira Cloud instance using my Google account (using OAuth, if I understand correctly). Before I could proceed, the login system emailed an OTP to the same Google account and asked me to provide the OTP.
If I just proved my control of my Google account via OAuth, what security benefit is there in immediately also proving my control of my Google account using an emailed OTP?
