Steps to reproduce:
This issue is very common on most sites that include OTP/2FA on login, two concrete examples: DigitalOcean and AWS, especially if you are registering for the first time, or logging in without stored OTP in Orion.
- Have a credential stored for email/password without OTP from before
- Go to DigitalOcean and press Login
- Confirm your email on popup with stored credential, confirm with Touch ID
- On next page repeat the process for password
- On third page enter OTP manually from your other source (for example password manager on Apple Watch)
Orion asks you to update the password, which overrides your password with the useless 6 digit PIN. On next login it will fill this PIN instead of the password
Expected behavior:
Orion should detect that field is OTP and not password, and not offer to update/store this password when it is just a OTP pin code.
Orion, OS version; hardware type:
Orion 0.99.122-beta (WebKit 615.1.11.7), iMac 24" M1, macOS Monterey 12.6 build 21G115