Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Bitbucket is upgrading to the Web Authentication API (WebAuthn)

Chrome is deprecating and removing the legacy U2F API for interacting with hardware security keys. The U2F API is superseded by the Web Authentication API (WebAuthn) that has multiple advantages, including widespread support of the technology across major browsers (Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari) and offers a better UI experience. In order to continue supporting two-step verification with USB security keys, Bitbucket Cloud is upgrading to WebAuthn. The transition is designed to be seamless and require no action from the user, meaning that all existing security keys will continue to work.

What is changing

WebAuthn will be used for security key two-step verification and registration. Credentials that were originally registered via the U2F API will continue to work and no additional action is required. USB security keys that are supported by the U2F API are also supported by the WebAuthn API.

WebAuthn provides a better user experience in Google Chrome and presents a dialog window for every request. You can interact with your security key as soon as the following dialog is displayed:


Potential issues

All registered security keys are expected to work with WebAuthn. However, if you experience any problems, follow the steps below:

  • Select the Refresh button or reload the page and try interacting with the security key again.

  • If you still cannot log in, select the Don’t have a key? link and use an alternative method of two-step verification (TOTP or a recovery code).

  • If alternative methods of two-step verification are not available, try logging in with the security key using a different web browser, such as Mozilla Firefox.




Log in or Sign up to comment
AUG Leaders

Atlassian Community Events