They can be used not just in Java Script, but also PHP, Perl, Java and many other languages.
Some text editors (not just vi) also allow them when searching for or replacing text. This is a new technique available in modern browsers and definitely the way of the future.
Instead of as this lets the browser (and the user) know that the contents of that field need to be secured.
The password won't appear on the screen as you type and most browsers also won't 'remember' the values entered in fields as they do with other form elements.
Another method is to display what they've entered as part of a 'confirmation page'.
The problem here is that you're making the password visible in the browser, browser cache, proxy, etc.
Passwords need to be stored encrypted in the database or elsewhere and any backups should also be encrypted.If the purpose of registration is to confirm that the person exists, and that they have supplied a valid email address, then as part of the registration processe you a should either email them a random password or a confirmation token rather than letting them choose their own password and use it immediately.The code presented below would then be used for letting the user change their password.Because the input type obscures the text typed, you should let the user confirm that they haven't made a mistake.The simplest way to do this is to have the password entered twice, and then check that they are identical.