Bad password is misreported as bad OTP code
It seems to me that when I use password+HOTP authentication and make a mistake when entering the password, Datovka refuses to log me in (obviously), but reports I have made a mistake when entering the OTP, and (which is worse) allows me to reenter the OTP only (I had to restart the application to be able to reenter the password).