Chrome Version: 59.0.3071.109
OS: GNU/Linux, but likely independent of OS

What steps will reproduce the problem?
(0) Enable chrome://flags/#enable-password-force-saving.
(1) Save a password on kraken.com's sign-up (registration) page (right-click on the password field, choose the option to save and accept the saving prompt).
(2) Visit https://www.kraken.com/en-us/login. If the password is not autofilled, trigger filling the form on demand by clicking in the username field and selecting the suggestion with the saved account.
(3) Type something in the two-factor auth field (just below password). Type something of different length than the saved password.
(4) Trigger saving the password again, from the (first) password field.


What is the expected result?
No save-password prompt, because the password has not changed.

What happens instead?
A prompt to update the password, offering to save the content of the two-factor auth. If selected, this overwrites the correct password with the one-time garbage.


Note: The above also reproduces with a genuine account and without manual saving. The instructions are using manual saving to avoid the need to register a test account.