Block Passwords typed in plain text fields

Daniel Jalkut recently wrote about a tool he uses to detect if he is accidentally typing his password into a plain text field (e.g. Twitter!). He even released his tool for this.

The tool works by monitoring the keystrokes and displaying an alert if your typing matches the start of your password. Since the system blocks monitoring of keystrokes in password fields (using Secure Input Mode), the tool will not see your password if it is a secure password field.

You can accomplish the same thing with a Keyboard Maestro macro like this:

(and no, b4ys is not really the start of my password).

Daniel's tool has the advantage of not storing the password visibly in plain text like a Keyboard Maestro trigger, but it is only the prefix you need to store, so as long as your password is relatively long that's still fairly secure - you can also hide your password among a bunch of false password triggers (none of which you will ever trigger). Note if and when you do trigger this, it will show up in the Keyboard Maestro Engine log file, so there are still security implications. But perhaps less than accidentally typing your password into Facebook!

2 Likes
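An added example, not part of the original post and not Daniel Jalkut's or Keyboard Maestro's code: one way a detector could recognize the password prefix without keeping it in plain text, by storing a salted PBKDF2 digest of the first four characters and comparing it against a rolling window of typed characters. The function names, the 4-character prefix length, the iteration count and the sample strings are assumptions, and the characters are supplied by the caller.

```python
import hashlib
import hmac
import os
from collections import deque

PREFIX_LEN = 4        # assumed: same length as the post's 4-character trigger
ITERATIONS = 10_000   # assumed PBKDF2 work factor, paid on every keystroke


def enroll(password, salt=None):
    """Return (salt, digest) for the password's prefix; the prefix is not kept."""
    salt = salt if salt is not None else os.urandom(16)
    prefix = password[:PREFIX_LEN].encode("utf-8")
    return salt, hashlib.pbkdf2_hmac("sha256", prefix, salt, ITERATIONS)


class PrefixWatcher:
    """Fed one visible character at a time; True when the last PREFIX_LEN match."""

    def __init__(self, salt, digest):
        self.salt, self.digest = salt, digest
        self.window = deque(maxlen=PREFIX_LEN)

    def feed(self, ch):
        self.window.append(ch)
        if len(self.window) < PREFIX_LEN:
            return False
        candidate = "".join(self.window).encode("utf-8")
        probe = hashlib.pbkdf2_hmac("sha256", candidate, self.salt, ITERATIONS)
        if hmac.compare_digest(probe, self.digest):
            self.window.clear()  # do not keep the matched characters in memory
            return True
        return False


def scan(watcher, typed):
    """Return the indexes in `typed` at which an alert would fire."""
    return [i for i, ch in enumerate(typed) if watcher.feed(ch)]


if __name__ == "__main__":
    # Constructed samples: "b4ys" is the post's made-up prefix.
    salt, digest = enroll("b4ysomething")
    print(scan(PrefixWatcher(salt, digest), "hello b4ysomething"))
    # A prefix that is also an ordinary word fires on normal typing.
    salt, digest = enroll("baystreet42")
    print(scan(PrefixWatcher(salt, digest), "the bays are calm"))
```

A 4-character prefix has little entropy, so the digest only slows down recovery of the prefix by guessing; a longer prefix raises that cost and also reduces alerts on ordinary words.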

Old post but this is a great suggestion. Thanks Peter!

No doubt obvious, but FWIW, if your password is a mix of names/words and has unique numbers or letters that relate to the website, then adding insert text might be helpful in case you use that word in a sentence. Of course, it is not an issue if it is just something crazy to start with that you would never type otherwise. I of course also wouldn't flash "not a secure form" on the screen either.

Keyboard Maestro “Password Security 1” Macro

Password Security 1.kmmacros (1.9 KB)

1 Like