NoviceToDotNet

Reputation: 10815

Password is visible when I post the form using @Html.PasswordFor

When I check in Firefox I can see my password.

I am using the following code

    @using (Html.BeginForm("Login", "Account", FormMethod.Post, new { @class = "navbar-form navbar-left", @id = "loginform" }))
    {
        @Html.AntiForgeryToken()
        @Html.ValidationSummary(true)
        <div class="form-group form-header input-group-lg">
            @Html.TextBoxFor(m => m.UserName, htmlAttributes: new { @class = "form-control", @placeholder = "Email:" })
            @Html.ValidationMessageFor(m => m.UserName)
        </div>
        <div class="form-group form-header input-group-lg">
            @Html.PasswordFor(m => m.Password, htmlAttributes: new { @class = "form-control", @placeholder = "Password:" })
            @Html.ValidationMessageFor(m => m.Password)
        </div>
        <button class="btn btn-danger btn-lg" type="submit">Login</button>
        <div class="remember">
            @Html.CheckBoxFor(m => m.RememberMe, htmlAttributes: new { @id = "login-remember" })
            @Html.LabelFor(m => m.RememberMe)
        </div>
    }

Upvotes: 0

Views: 1024

Answers (1)

Andy Brown

Reputation: 19171

The password will always be sent in plain text in the post body. @Html.PasswordFor only obscures the input box on the screen to prevent people looking over the user's shoulder and knowing their password.

This is why you should only submit secure information through an https page: this way it will be encrypted during transmission from your computer to the remote server. It is good practice to make sure during the initial page GET that the page is on https, and if not then redirect the user to the https url for the page.

Upvotes: 3
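
The HTTPS check described in the answer above, sketched for ASP.NET MVC 5 as an added example (not code from the question or the answer). `HttpsOnlyAttribute` and `FilterConfig` are assumed names; `RequireHttpsAttribute` and its `HandleNonHttpsRequest` hook are the framework's own.

```csharp
using System;
using System.Net;
using System.Web.Mvc;

// Hypothetical filter name. It builds on the stock RequireHttpsAttribute,
// which redirects a plain-HTTP GET to the https:// URL and throws an
// InvalidOperationException for every other verb.
public class HttpsOnlyAttribute : RequireHttpsAttribute
{
    protected override void HandleNonHttpsRequest(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;

        if (string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
        {
            // Initial page load over http://: redirect to the https:// URL so
            // the login form is rendered on, and posts back to, a secure origin.
            // The stock redirect is built from the host name and raw URL only,
            // so a non-default HTTPS port needs its own handling.
            base.HandleNonHttpsRequest(filterContext);
            return;
        }

        // A POST that arrived over http:// has already crossed the network in
        // plain text. Refuse it with 403 so the credentials are never processed
        // and the misconfigured form is noticed, instead of an unhandled exception.
        filterContext.Result = new HttpStatusCodeResult(
            HttpStatusCode.Forbidden, "HTTPS is required.");
    }
}

// Assumed App_Start-style registration: applies the filter to every controller
// action, including both the GET and POST Account/Login actions.
public static class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        filters.Add(new HttpsOnlyAttribute());
    }
}
```

Call `FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters)` from `Application_Start`, or put `[HttpsOnly]` on the account controller alone if only the login pages should be restricted.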
