Password Masking is a very common practice that is being utilized by web applications, websites, and user
account password fields. When a password is entered into a password field of a web application or a user
account the characters entered are not shown instead “asterisks” or “bulleted points” are shown. The
practice also protects users from shoulder surfing attack vectors.
Password masking is that familiar practice of hiding the password characters – as entered by the user –
behind bullets (●), asterisks (*), or similar camouflaging characters.