Cannot log into sites with 2FA token input fields of type password

[nbartos]

When I try to login to a site which requires a username and password on the first page, and then am brought to a second page which asks for a SMS token to be entered (in an input field of type password), I am unable to successfully enter the SMS token. When the cursor is moved out of the 2FA token field, immediately the password stored in keepassxc is auto-filled. There does not seem to be a way of preventing this. In order to login to the site, I had to revert back to the old chromeIPass extension.

Expected Behavior

If I have entered text into a password field manually, I would expect the extension not to wipe out what I entered.

Current Behavior

The 2FA token is always wiped (apparently replaced by the site's stored password) when moving the cursor outside of the input field.

Possible Solution

Either don't autofill password fields where a user has already inputted text, or provide some other workaround to allow logging into a site such as this.

Steps to Reproduce (for bugs)

1. Go to site which requires username and password on the first login page.
2. Click on username field and select login from drop down.
3. Click sign in button.
4. On next page where 2FA token is requested in a password field, type in 2FA token manually or copy and paste from external 2FA token application.
5. Watch the contents of the password field change length.

Debug info

This is the html input field for the 2FA token:

General Info

KeePassXC fork - KeePassXC version: 2.3.0
keepassxc-browser - KeePassXC-Browser Version: 1.0.0

Operating system: Ubuntu 17.04
Browser: Google chrome beta: Version 65.0.3325.106 (Official Build) beta (64-bit)
Proxy used: YES

[varjolintu]

I made a little fix to this. There's only one drawback to it: if there's only the password field visible and user wants to revert using the credential password after the input already has content, the value must be cleared before autocomplete menu appears.