To secure a login page, we want to ask users for either an OTP code sent via SMS to their registered cell phone or a Timed-OTP validation code paired with their account.
On the form, we would tag the input field for the SMS OTP with "autocomplete=one-time-code" and it should be filled with the token received via SMS.
The other input field for the Timed-OTP code would also need to be tagged with the same attribute (according to the newly introduced method to embed TOTP inside of the KeyChain).
Now if the user clicks in any of those fields, the SMS OTP value or TOTP value is available as a selection, leading to a confusion which to enter where.
Normally, the user would only have one method chosen, so only one field would appear, however, this is not enforced.
Is it somehow possible to only show the SMS codes in one field and the Timed-OTP codes in the other?