When entering secure mode and prompted to input the TOTP/etc. 2FA code, browser suggest potential auto-fill options for the input box based on previous inputs.
The form, or at least the input, should be marked
autocomplete="off", so that this doesn’t happen.
phabricator 8cbf206d35de724e6f31de856f9e4b7e51c92e51 (Aug 8 2018) as used at Wikimedia
With a 2FA account, attempt to enter the TOTP prompt that starts with at least once of the digits of a value previously entered with that browser. (Obviously, ensure your browser isn’t in some odd mode where it doesn’t remember/prompt autofills.)
[It’s sad that you took away our ability to file these bugs as tasks on Phabricator and instead route us through a customer support system.]