diff --git a/src/components/Form/FieldOtp/index.tsx b/src/components/Form/FieldOtp/index.tsx
index 538c21924..17a872806 100644
--- a/src/components/Form/FieldOtp/index.tsx
+++ b/src/components/Form/FieldOtp/index.tsx
@@ -81,6 +81,7 @@ export const FieldOtp = <
               isInvalid={fieldState.invalid}
               isDisabled={props.isDisabled}
               otp
+              type="alphanumeric"
               id={id}
               onComplete={(v) => {
                 props.onComplete?.(v);
diff --git a/src/features/auth/utils.ts b/src/features/auth/utils.ts
index 018a5e639..4d10651de 100644
--- a/src/features/auth/utils.ts
+++ b/src/features/auth/utils.ts
@@ -1,4 +1,5 @@
 export const VALIDATION_CODE_MOCKED = '000000';
+export const ALLOWED_CHARACTERS = 'abcdefghjkmnpqrstuvwxyz23456789';
 export const VALIDATION_RETRY_DELAY_IN_SECONDS = 2;
 export const VALIDATION_RETRY_ALLOWED_BEFORE_DELAY = 3;
 export const VALIDATION_TOKEN_EXPIRATION_IN_MINUTES = 5;
diff --git a/src/server/config/auth.ts b/src/server/config/auth.ts
index eb674e13b..e62f7baef 100644
--- a/src/server/config/auth.ts
+++ b/src/server/config/auth.ts
@@ -5,10 +5,11 @@ import { TRPCError } from '@trpc/server';
 import bcrypt from 'bcrypt';
 import dayjs from 'dayjs';
 import { cookies, headers } from 'next/headers';
-import { alphabet, generateRandomString } from 'oslo/crypto';
+import { generateRandomString } from 'oslo/crypto';
 
 import { env } from '@/env.mjs';
 import {
+  ALLOWED_CHARACTERS,
   VALIDATION_CODE_MOCKED,
   getValidationRetryDelayInSeconds,
 } from '@/features/auth/utils';
@@ -65,7 +66,7 @@ export async function generateCode() {
   const code =
     env.NODE_ENV === 'development' || env.NEXT_PUBLIC_IS_DEMO
       ? VALIDATION_CODE_MOCKED
-      : generateRandomString(6, alphabet('a-z', '0-9'));
+      : generateRandomString(6, ALLOWED_CHARACTERS);
   return {
     hashed: await bcrypt.hash(code, 12),
     readable: code,