For companies it is important that employees use reasonable password management practices. We can advise people on this, but experience shows that most do not take action because better security is always considered a hassle.
When using hosted services like BitBucket, there is no way whatsoever to enforce or review such password management practices.
It would be great if accounts could be configured to:
a) Require two-factor authentication (obviously this depends on the two-factor issue)
b) Require the use of SSH or single sign-on, so disallowing any access using passwords.
Implementing such security policies would make BitBucket more appealing for commercial companies to use for private repository hosting and can differentiate BitBucket from other options.