Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Password fields should be type="password" #49
In my opinion it's better to have password fields plain because that makes it easier to control the settings.
Suggestion: show passwords masked by default but provide a way to show them as plain text. Two alternatives:
I'm adding label "help wanted" to this issue. Contributions are welcome.
What is the problem that you are trying to solve? If the problem is someone looking over your shoulder, the masking or hiding the password with an option to reveal would be suitable. If the problem is a proxy or "man in the middle" inspecting your unencrypted traffic, the only secure option would be to remove the feature that shows a stored password. The password field would be one way, to set or update a password.