Before you will be able to add a FIDO2 key as an authentication method to your Bitbucket account you will need to enable two-factor authentication.

First, log in to your Bitbucket application using a web browser, then after clicking on the cog icon select the option "Personal Bitbucket settings";

In the left hand column on the web page, and in the section "Security", select the option "Two-step verification"; 

A QR code will then be displayed, and can be used to enable two-step verification using either a suitable authentication app, or a programmable hardware token (example below);

• Enabling two-factor authentication using a programmable token ...

  Bitbucket is a web-based, Git-based code hosting and collaboration tool for software development teams, and access to the app can be protected using a programmable hardware token (which takes the place of an authentication app).

  In order to protect access to Bitbucket using a programmable hardware token, you will first need to enable two-factor authentication.

  Enabling two-factor authentication

  Two-factor authentication for Bitbucket can be enabled by first logging in to your Bitbucket application using a web browser, then after clicking on the cog icon select the option "Personal Bitbucket settings";

  

  In the left hand column on the web page, and in the section "Security", select the option "Two-step verification"; 

  

  After selecting this option a QR code will be generated (see example below);

  

  You can use the QR code to program our programmable tokens using the instructions found in the following procedure;

  • • Click here to expand...

      To program a SafeID/Diamond or SafeID/Pro token with a QR code, launch the SafeID/Diamond programming tool.  

      

      
      

      Click the Scan QR Code button 

      Click here for instructions on Scanning QR Codes ...

      Before you scan the QR code please ensure that the clock on your computer is displaying the correct date and time.

      You can scan the screen for a QR code, or load from a file.

      

      If you are scanning the barcode on the screen please ensure that the QR code is not obscured by other windows, and if you have more than one monitor please ensure that both the app and the QR code are displayed on the main display (display 1).

      If you still have difficulty in scanning the QR code double check you only have the one instance of the app running, and that it is the latest version of the app.  In most cases when there are issues with scanning of the QR code the most likely cause is the QR code contains the wrong data and may need to be regenerated.  To test the QR code you could check that the code works correctly with the authenticator app it is intended for (e.g microsoft authenticator), and if this fails then you know that the QR code will need to be regenerated.

      

      
      

      Select Scan Screen.

      If succeeded, the Seed box should be filled with the token's seed data.

      

      
      

      Now, select your smart card reader from the Reader drop-down list, e.g. "HID OMNIKEY 5427 CK"

      

      
      

      Press the Connect button

      

      
      

      Now, switch on a SafeID token and place it on the reader. 

      The tool will read out the token's serial number and time, and display them:

      

      
      

      If you want to correct the clock on the token, then leave the "Sync Token Clock" checked, but first ensure the time on your pc is set correctly.

      Press the Burn button

      

      
      

      The token is successfully programmed.

      Switch off the token and switch it on again to generate a new code (the token may only use the new seed after being reset)

      

      Related Articles

      • Programmable Tokens and keys
      • Hardware Tokens
      • NFC Card Reader
      • Checking and resolving time drift on a windows computer
      • How to generate QR codes for authenticator apps or programmable tokens
      • How to extract seed data from a QR code using a PC

  Verifying your token

  Once you have programmed your token you will need to verify it with Bitbucket.

  At the "Enter the resulting verification code:" prompt, copy a 6-digit code from your newly programmed hardware token , then click ;

  

  You will then be notified that an email has been sent to  you (in order to verify enabling of 2fa on your account);

  

  Open the email sent to you, then from within the email, click on the link 

  

  Two-step verification should then be enabled for your account.

  Related Articles

  • OTP Tokens
  • Programmable Tokens and keys
  • NFC Smart Card Reader
  • How to use SafeKey as a FIDO2 passkey with Bitbucket

Once two-step authentication has been enabled, scroll down the option settings until you reach the section "Security keys".

Under the prompt "Device name", provide a suitable name for your key then click on the button "Add security key";

When asked where to save this passkey, select the option "Security Key", then click ;

You are now notified that access to google will be prepared with your Fido2 security key - click  to proceed to the next step;

You will asked for permission to examine your Fido2 key, insert the key into a USB port then click ;

You will now be asked to touch the Fido2 key (in the case of a Fido key with a fingerprint reader you will need to swipe your finger on the key);

Provided you press the button on the Fido2 key in the allowed time, the passkey details will be stored on your Fido2 key, and you will be presented with the following confirmation;

Click "OK", and the FIIDO2 key will be registered with Bitbucket, and is ready to be used when you next log in.