Quotes Icon

Andrew M.

Andrew M.

운영 부사장

"저희 비영리 단체는 TeamPassword를 사용하고 있으며, 우리의 요구에 잘 맞고 있습니다."

가입하기!

Table Of Contents

    Masked passwords don't work

    "Masked" Passwords Don't Work the Way You Think

    March 4, 20224 min read

    Password Management

    "Does TeamPassword mask passwords so that users can't see the password itself?" 

    We get this question a lot. And the short answer is: No, we don't. 

    And here's why: it doesn't work. At least not the way you think.

    Masked or Hidden passwords give the illusion of security without any real security benefit.

    Here are a few ways a user can get around it.

    1. If the sign-in form has a Show Password box or the eye icon, the user can reveal the password once entered.

    2. Even if the password manager automatically logs the user into the website when they click the credential, the user can turn on their browser's "Offer to save this password" feature and capture the ostensibly hidden password. Then, they can view the password in the browser's password manager with a few clicks.

    3. Inspect the code and manually reveal the password.

    This is true for 1Password, LastPass, Bitwarden, and anyone else that offers the ability to hide passwords within their vault. Once a password leaves our environment (i.e. enters a sign-up form to login), we can't control it.

    Other password managers advertise password masking as a feature; some even charge more for it. Their pitch is that by masking the password, users can use a password but won't be able to see what the password actually is, and therefore the password and the login are protected from unauthorized use. The truth of the matter lies somewhere in between. 

    Table of Contents

      What does masking passwords do?

      Masking does visually block the password so that users can't immediately see what it is. This is useful to prevent someone from looking over your shoulder and seeing what the password says. But it doesn't stop a user from finding out what that password is.

      Why doesn't masking passwords work?

      There are simple ways a knowledgeable user, or a user with half-decent web search skills, can uncover a masked password. In some cases, users can copy and paste the masked password into a text file to do the trick. Or, users can run a javascript function. There are many ways to reveal masked passwords, many of which can be found through a simple web search.

      So what does this mean? It's simple; masked passwords are no safer than unmasked passwords from users that want to know what they are.

      How can you keep passwords safe?

      At TeamPassword, we do mask passwords as the default view so that users and non-users can't immediately see the password. That makes sense. But any user can unmask the password and see what it is.

      However, TeamPassword doesn't believe in selling a false sense of security. Instead, we think it's better to maintain good password hygiene by resetting passwords regularly. That's the best way to keep your passwords safe.

      Don't want a team member to access a login? Don't share it with them. Want to know who has used which login? Check the activity log. Don't want a team member who has left the company to access accounts they had access to? Change the passwords on those accounts after they leave. 

      Password management is critical to keep you, your business, employees, and customers safe from cyberattacks, especially if you have a remote workforce.

      Masked passwords may make you feel safe, but that false sense of security may make you vulnerable because you are less likely to practice good password hygiene. 

      Don't be suckered into paying more for a feature that doesn't work. Check the logs, update your passwords, and be sensible about who has access to what.

      Don't know how? Ask us; TeamPassword is happy to help!

      패스워드 보안을 향상시킵니다

      패스워드를 올바르게 생성하고 관리하기에 가장 적합한 소프트웨어

      TeamPassword Screenshot
      facebook social icon
      twitter social icon
      linkedin social icon
      관련 게시물
      A team of diverse workers standing in a circle with their arms outstretched and hands touching, there is a desk with computers in the background.

      Password Management

      December 13, 202410 min read

      Best Password Managers for Teams (2025)

      The best password managers for teams go beyond suggesting a strong password and saving them securely for you. ...

      username ideas

      Password Management

      December 13, 202413 min read

      How to Make a Good Username | Create a Unique and Secure Username

      See the best way to come up with a new username. We break down types of usernames, why ...

      The word "passphrase" spelled out on dice on a piece of paper that has many words written down in different colors and that looks like code.

      Password Management

      December 11, 20248 min read

      What is a passphrase and should you use one?

      Passphrases use multiple common words to create passwords instead of random letters and characters, making them secure and ...

      업데이트를 놓치지 마세요!

      이와 같은 게시물을 더 읽고 싶다면, 블로그를 구독하세요.

      Promotional image