>When using a passwordchar, you can copy the masked contents using ctrl-c
>When you paste this in a textdocument, voila, the password is revealed.
>This seems a serious issue since all protection is bypassed using two keyboard commands.
>Is there a workaround for this?
>But keep in mind a user must be able to type in the textbox to change the password.
>
>Guillaume
If you have such a concern:
1) Intercept the key typed in keypress and store elsewhere, replace with an irrelevant char (ie: a constant '*' or space).
2) Use a web browser control.
3) Do not allow focus there and use on screen keyboard.
IMHO it shouldn't be an issue. If user A is typing his pwd and leaving site, someone else with physical access could simply press enter to gain entry and maybe change the password.
PS: For "remember me" style passwords what I do is to simply put there a long and irrelevant text. They can't steal the actual one with Ctrl+C/V.
Cetin