Hi! I was curious how people feel about the fact that we have separate two-factor authentication steps for both our Atlassian accounts and our BitBucket sub-accounts. It's not clear to me whether this is an intentional policy, or just a vestigial schism from before Atlassian implemented their cross-product SSO. On one hand, I suppose I shouldn't complain about anything that improves account security, which this technically does. On the other hand, it kind of undermines the purpose of SSO & having an integrated account, and it also adds to the chronic difficulty of managing multiple accounts.
I do realize I could simply turn off 2FA on the BitBucket side. This isn't a support question, I'd just like to understand Atlassian’s intention & ultimate goals for account security and authentication.
Why two OTP codes for one platform. It is very confusing and not user friendly.