Hi @bogdan.bledea ,
I have received confirmation from products team and this is the default behavior that you are experiencing. You are seeing the MFA coming up twice while resetting the Password using the SSPR for B2C using the SignUp-SignIn Policies, as the default behavior for Password Reset flow (through SignUp-SignIn policies) is that you need to put you email and get the code sent to your email and once the code is entered to the B2C password reset page, you would be asked to enter the new password and confirm new password. But if you enable MFA for your SignUp-SignIn policy, and then try to reset the password, you would first go by the default flow for SSPR i.e enter your email address and get the code sent to your email and second, once you enter the code the next page is the MFA page, that would bring up the MFA method that is selected in the SignUp-SignIn Policy.
In case you want to update this behavior, you would have to use the custom policies.
Please let me know if you have any questions.
Thanks
Saurabh