Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Forced to use recorvery code when logging in because of non-existing hardware key

ObiJan
ObiJan December 22, 2024

When I try to login in bitbucket, after entering my (correct) username and password, I am asked to authenticate with a hardware key or a passkey.  

I have neither attached to my account. 
I tried adding them and removing a time-based MFA and a passkey, nothing helps.

I can only login with my (few remaining) recovery codes.  Please advise. 

Answer
Watch
Like Be the first to like this
277 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 24, 2024

Hi @ObiJan and welcome to the community.

Can you please confirm if you are logging in to Bitbucket Cloud (https://bitbucket.org/)? I see that your question has the tag 'bitbucket-cloud', but you mention log in with username and password, while log in to Bitbucket Cloud from browser is done with an email address (instead of a username).

If this is indeed Bitbucket Cloud, there are two places to check for security keys and disable 2FA.

 

Atlassian account 2FA

I am quoting the instructions from our documentation on how to remove a security key, if you see it listed there:

Manage your security keys

You can add multiple security keys, delete keys and rename keys.

  1. From the Two-step verification page, enter your Account password and select Unlock settings 

    1. You won't see this option if you recently entered your password.

  2. Manage your security keys under Manage security keys

    1. Cick on Register new key to add a new key

    2. Click on Delete to delete a key

    3. Click on the key name to Rename a key

 

There should also be a link at the bottom of the page (in https://id.atlassian.com/manage-profile/security/two-step-verification) to disable Atlassian account two-step verification.

 

Bitbucket Cloud 2FA

It can be managed from the following page:

I am attaching a sample screenshot of this page:

Screenshot 2024-12-24 at 12.12.28.png

If you see a security key listed, like in the screenshot above, please click the x icon in the row with this key to remove it.

You can also click the link Disable two-step verification (top right corner in the screenshot) to disable Bitbucket 2FA.

 

After you check all the above, please open an Incognito / Private window of your browser and try to log in again to see if you get the same prompts or not.

Kind regards,
Theodora

View More Comments
ObiJan
ObiJan December 24, 2024

Just to be clear:

- I do not have any 2 factor enabled on my account, so I can't delete any.   As said above, I did try to add a factor and then remove it, result was the same

- Ironnically, when I login now, after logging in with password, I get a required email validation, sometimes I get promted to turn on 2FA (which I decline) before being asked to press the security key. 

Feel free to look at my account to confirm that I don't have any key assigned to it. 

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 30, 2024

Hi @ObiJan,

Can you please confirm if the affected Bitbucket Cloud account is the one with the same email address as your community account that you used to post this question?

If so, our system shows:

  • the Atlassian account with that email address has 2FA disabled
  • the Bitbucket Cloud account with that email address has 2FA enabled

I don't have visibility on the security keys that are added to an account.

Please let me know the following:

1. If the affected account is the one with the same email address as your community account.

2. Please provide a screenshot of the following page (make sure that your name, which shows near the left right corner, is not included in the screenshot):

3. Do you still get asked to press a security key if you log in to https://bitbucket.org/ with email address and password from an Incognito / Private window of your browser?

Kind regards,
Theodora

Like
ObiJan
ObiJan December 30, 2024

Huh, re-enabling and re-disabling there seems to have solved the problem.  Thanks. 

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 31, 2024

That's good to hear, thank you for the update! Please feel free to reach out if you ever need anything else.

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events