When integrating Bitbucket with a strong-authentication (2FA) frontend proxy, we crossed an interesting wonder as to how can we do  strong-authentication with SourceTree/GIT clients.

The suggestion here is to have a global system configuration that would require REST/SCM HTTPS services to use the user's personal access tokens, and reject user passwords.

This would nudge users away from hard-coding their corporate passwords in clear-text files, and instead resort to personal access tokens and usage awareness.