Chrome Version: 59.0.3071.109
OS: GNU/Linux, but likely independent of OS

What steps will reproduce the problem?
(0) Enable chrome://flags/#enable-password-force-saving.
(1) Save a password on kraken.com's sign-up (registration) page (right-click on the password field, choose the option to save and accept the saving prompt).
(2) Visit https://www.kraken.com/en-us/login.

What is the expected result?
The password is autofilled on load.

What happens instead?
While the password is still available for manual filling (click on the username, use the pop-up suggestions), the password is not autofilled.


Note: The above also reproduces with a genuine account and without manual saving. The instructions are using manual saving to avoid the need to register a test account.

Details:
The password is not autofilled, because the wait_for_username argument passed to PasswordManager::Autofill is true. This likely happens because observed_form_.IsPossibleChangePasswordForm() considers the login form to be a change password form, because it has two password fields: one for the password, and one for OTP.

This is a wrong design of the page, which should just present a plain text field for an OTP. There is no need to mask the OTP value. However, on our side we could use the fact that we actually filled credentials, and the login succeeded with that. That means that what we saved and where we filled it was the right information.