I don’t quite know how to feel about this:
This was an intentional change in macOS Sequoia to limit the ability of key-logging malware to observe keys in other applications. The issue of concern was that shift+option can be used to generate alternate characters in passwords, such as Ø (shift-option-O).
There is no workaround; macOS Sequoia now requires that a hotkey registration use at least one modifier that is not shift or option.
On the one hand this doesn’t impact my workflows, so yay?
On the other hand… what an odd explanation? Assume a malicious, sandboxed app gets installed and can figure out SOME but NOT ALL of the characters in a user’s password because they register global hotkeys against every… special… character? Huh? Why would malware be sandboxed to begin with – just distribute outside the App Store to avoid that extra scrutiny, and slap all the global hot key modifiers in you want!
What a time to be alive. macOS security posture is really going great.