Block Passwords typed in plain text fields

Daniel Jalkut recently wrote about a tool he uses to detect if he is accidentally typing his password into a plain text field (eg Twitter!). He even released his tool for this.

The tool works by monitoring the keystrokes and displaying an alert if your typing matches the start of your password. Since the system blocks monitoring of keystrokes in password fields (using Secure Input Mode), the tool will not see your password if it is a secure password field.

You can accomplish the same thing with a Keyboard Maestro macro like this:

(and no, b4ys is not really the start of my password).

Daniel's tool has the advantage of not storing the password visibility in plain text like a Keyboard Maestro trigger, but it is only the prefix you need to store, so as long as your password is relatively long that's still fairly secure - you can also hide your password among a bunch of false password triggers (none of which you will even trigger). Note if and when you do trigger this, it will show up in the Keyboard Maestro Engine log file, so there are still security implications. But perhaps less than accidentally typing your password into Facebook!


Old post but this is a great suggestion. Thanks Peter!

No doubt obvious but FWIW, if your password is a mix of names/words and have unique numbers or letters for that relate to the website then adding insert text might be helpful incase you use that word in a sentence, of course not an issue if it is just something crazy to start with that you would never type otherwise. I of course also wouldn't flash not a secure form on the screen either.

Keyboard Maestro “Password Security 1” Macro

Password Security 1.kmmacros (1.9 KB)

1 Like