
2FA-Password is saved in autocompletion of browser

Open Sleekesst opened this issue 9 years ago • 1 comments

When you sign up to bitrated, you need to enter a 2FA-Password. This is done via a usual text form:

Therefore the entered 2FA-password is saved by the web browser's autofill feature (maybe in plain text, depends on browser).

To prove this you just need to go to https://www.bitrated.com/join again, and the password can be autofilled by your browser.

Additionally, the password is shown while you enter it.

This field should be changed from type="text" to type="password" for security reasons.

This might not be a big risk, but I already talked to one guy who said he won't use bitrated 'cause of this. It is a matter of trust, how entered passwords are handled...

Sleekesst, Mar 01 '15 14:03

Same issue at the login screen. A normal text field is used for the passphrase.

Sleekesst, Mar 01 '15 19:03
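
The check the issue asks for can be automated over form markup. The following is an added example, not part of the issue thread and not Bitrated's code: it flags inputs whose name suggests a secret but whose type is not `password`, and notes when such a field is also eligible for the browser's form history. The keyword list, the finding labels and the sample markup are constructed assumptions.

```javascript
// Added example: audit form markup for secret fields rendered as plain text.
// Heuristic keywords (assumption); tune them for the code base under review.
const SECRET_HINT = /pass|2fa|otp|secret/i;

// Parse the attributes of one <input ...> tag into a lowercase-keyed object.
// Simplification: attribute values containing ">" are not supported.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, '').replace(/\/?>$/, '');
  const re = /([a-zA-Z-]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Return one finding per secret-looking input that is not masked.
function auditSecretInputs(html) {
  const findings = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const a = parseAttrs(tag);
    const label = [a.name, a.id, a.placeholder].filter(Boolean).join(' ');
    if (!SECRET_HINT.test(label)) continue;
    const type = (a.type || 'text').toLowerCase(); // a missing type means text
    if (type === 'password' || type === 'hidden') continue;
    const issues = ['shown-in-clear']; // value is visible while typing
    // Text-type fields are remembered by form autofill unless opted out.
    if ((a.autocomplete || '').toLowerCase() !== 'off') issues.push('form-history');
    findings.push({ field: a.name || a.id || '(unnamed)', type, issues });
  }
  return findings;
}

// Constructed sample markup; field names are hypothetical.
const SAMPLE = `
<form action="/join" method="post">
  <input type="text" name="username">
  <input type="text" name="twofa_password">
  <input name="passphrase" autocomplete="off">
  <input type="password" name="login_password">
</form>`;

console.log(JSON.stringify(auditSecretInputs(SAMPLE), null, 2));
```
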