>When using a passwordchar, you can copy the masked contents using ctrl-c
>When you paste this in a textdocument, voila, the password is revealed.
>This seems a serious issue since all protection is bypassed using two keyboard commands.
>Is there a workaround for this?
>But keep in mind a user must be able to type in the textbox to change the password.
The simple trick would be to _cliptext="" in textbox's .lostfocus(), but I'd rather side with df here. The users may want to copy their password for legitimate reasons, and you'd just tick them off with this.