I typed a password, It "stood out" so I had my wife see if she could read it and she couldn't. I had her type a password and I could read it no problem. once she had typed it she could read mine no problem as well. It seems once you've "seen it" it stands out. Sorry, maybe I missed something?

Still cool JS trickery none the less.

The masking characters need to be more similar to the characters being typed. eg. ll is easily readable with letters like nrs, etc. in the background.

This is a good thought - I had implemented character set matching (uppers to uppers, numbers, etc) before, but I worried that it made it almost too hard to read for the user.

You'll notice that I'm only using lowercase letters currently - that was an intentional choice as it seemed too obscured when using a fuller character set.

I'll give this another look though and see if there may be a good middle ground.

I agree, it's pretty easy to read the text if you zoom in on the field: http://skitch.com/joelf/bayjs/halfmask

Usability folks at Apple already thought this problem through and came up with the compromise seen on the iPhone.

jQuery implementation here: http://blog.decaf.de/2009/07/iphone-like-password-fields-usi...

If you select the text the password is clearly visible. Plus the letters I type are slimmer than the mask so I can still see the password.

I say : just mask the bloody password the old fashioned way :)