This may have been said
My interpretation of the form is that if you haven't created a web access account at tfl.etc then you need to (1) create a password on this form and then (2) use that password to create your web account, or you won't be able to. In other words, this process and the web account process need to hash (let's hope) the same password. But still... it's not good.
What you might do before submitting the form is change your actual password to "temporarily somer andom texts" (for example) and write that on the form, then change it back after the transaction. Or just "gosh this is stupid 34345687".
In other news, office penetration testers got my password, but apparently mine is the only one got that wasn't on the lines of "letmein123". It was more like "Zvchwk43" with each letter or number random of its kind, but cased as shown. And not used elsewhere. So this now is notgo odeno ughok - but (3) not my actual new password and (4) number and/or case variation is still compulsory, and a pain in the typist - it turns out that I can remember nonsense words, up to a point, but not case at the same time. Well, then, my next compulsory password change will have an A or a 1 in it, probably, just to meet that requirement (as I was doing already). "A notgo odeno ughok" for instance. And so, probably, will all my others. Unless I don't have to.