Masking user passwords

When users enter their password, it should not be visible to anyone who might happen to be looking over the user's shoulder. This is an expected level of security. As shown in the following screenshot, not masking the password is unacceptable. This recipe shows you a method of masking the user's password as it is entered.

How to do it...

To accomplish our task, we will create two labels (one for the username and one for the password), three text entry fields (one for the username, a second for the unmasked password, and the third for the masked password). The masked password is the one we want displayed on the screen:

1. Create a Username: label for content.
2. Create a Password: label for content.
3. Create a text entry field and name it fldUsername.
4. Create a text entry field and name it fldMaskedPassword.
5. Create a text entry field and name it fldUnmaskedPassword. Set this field's visible property to false.
6. Add the following code to the fldMaskedPassword field:

   on keydown pKey
     put the text of fld "fldUnmaskedPassword" into tRaw
     put the text of fld "fldMaskedPassword" into tMask
     
     put tRaw & pKey into fld "fldUnmaskedPassword"
     put tMask & "*" into fld "fldMaskedPassword"
   end keydown

7. When the user selects the Log In button, you will pull his/her username and password with statements such as the following:

   the text of fld "fldUsername"
   the text of fld "fldUnmaskedPassword"

How it works...

To achieve our desired results, we created an invisible text field in order to hold the user's actual password as it is entered. As each key was pressed, the key was echoed to the hidden field and displayed as * in the visible password field.

There's more...

If you are implementing this password-masking function in your mobile apps, you will want to thoroughly test it and ensure that you take into account user actions such as using the Backspace, Delete, and other keys. Once you have it working the way you want it, you might consider asking your friend to bug test it for you. It can be fun for people to "try and break" your app.