On Mon, Nov 2, 2020 at 10:16 AM, Jeff Smith wrote:
Please just say, "Enter Your Password" in order to avoid confusion.
How about "Enter Your Password (NOT your OTP)"
My secure advice (as a specialist) is to require the OTP instead, because of the security breaches that often happen by people who only know the password so they sneak in while the account owner is AFK and disable authentication so they can go to their own computer and authenticate because they only were able to steal the owner's password.
You have to be logged in to do this, meaning that whoever is entering the password has already passed
If that isn't adequate security, then I guess we need a third factor.