5 comments

[ 3.1 ms ] story [ 19.9 ms ] thread
type="password" inputs are not explicitly saved to browser form history, which is the biggest functional differentiator.
Does the same thing happen (in modern browsers) with autocomplete="off"? I assume that's why I don't get autocomplete/history for my bank's login page, despite that it's in cleartext.
Yeah that's generally how its done, but also doesn't give users the choice to use their browsers password manager or keychain. The autocomplete feature was more geared towards sensitive data that should never be re-surfaced in an automated way, such as credit card info, that sort of thing.
Right! I forgot about the browser's password manager.
Many people work in office settings with co-workers sometimes looking at their screen (Pair programming, getting help.) Masking passwords by default is a good thing.

Also, don't forget sight-impaired accessibility features. OS features like VoiceOver on Mac will read what you type, unless you are on a masked text field in which case the OS knows not to say each character you type for the whole office to hear.

A user option to toggle the visibility is welcome. Many of the Mac password panels today have a checkbox under the field for "Show Password."