How do I obfuscate password input on a form using vb.net?

Question

I'm not sure how to obfuscate input on a form when accepting password entry using vb.net. Rather than echoing the password, I just want to echo asterisks, like this:

Actual password input:

swordfish

What the user sees:

*********

How do I accomplish this?

Answer 1

The problem with typpo and jon's answer is the textbox input based on PasswordChar property is that it is insecure! Select the text masked by asterisks, copy it to the clipboard and paste it into say, notepad for an example, the password is revealed!

See here for an article explaining how to protect it, and also here,

The first link is written in VC, ok, it is not in the language of your choice, but it will highlight how to get around password revealers that can unmask the password input. The second link is in C# which shows how to ensure a user has selected/entered a password based on the strength of the input.

Those two links should help you in the direction in

• Technique in securing the password input to hide it from simple clipboard operations or even password revealer programs.
• Technique in determining the strength of the password.

Using both can help you in ensuring your password input is secure enough and to keep the end-user and management alike, feeling confident that the set up is indeed secure in relation to password inputs.

Answer 2

In a VB form? I think you set the PasswordChar property to a character, it will show password chars.

If in a webform, set textbox.textmode to password.

Answer 3

Set the PasswordChar property of a textbox to the character *, eg.

textBox.PasswordChar = "*"c