App password not enforced accessing BitBucket via Git command line

Nick Fulton May 10, 2021

I've noticed a small quirk in how BitBucket operates when accessing a Git repository over the command line. Specifically, when I run "git pull" and input my password, the remote server returns a 403 with the message that I need to use an app password (having MFA enabled on my account). However, running "git pull" again with the same password immediately after, the command is executed successfully.

Below is a screenshot of the output, the issue being that the second time "git pull" is run, the pull operation begins.

Screenshot (38).jpg

While this is very convenient, it seems to partially negate the security benefits of two-factor authentication, and I couldn't find any other places where this is reported.

0 comments

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events