Prevent user to find password through Firebug/Chrome Dev Tools

Question

For the passport input field:

Answer 1

As already said, having a password in an input element will let the user easily reveal password.

...And as @Elyasin asks, you really should let us know what your use-case is.

Being in the dark about your use-case, let's assume you have a website that users can subscribe to for a fee and you don't want multiple users sharing one person's login to get around paying your subscription fee.

You might use cookie authentication to check that a user is subscribed to your site.

1. When a new user subscribes, send them an email containing a link to a special registration page on your website.

2. When the user follows that link, place a cookie on the user's computer indicating they are a valid subscriber.

3. Create a landing page on your site. This landing page will read the cookie from the user's computer and authenticate that they are indeed a valid subscriber.

4. All other pages on your site must redirect users to the landing page if those users don't have the validating cookie.

5. Since un-subscribed users may be redirected to the landing page, you might offer to let them become subscribers on the landing page.

6. If a subscribed user's subscription has expired, you take the cookie off the (now unsubscribed) user's computer the next time they visit your site. Like any unsubscribed user, you redirect them to the landing page.

While it's true that cookies can be intercepted or stolen, it's usually beyond the casual user's ability to do so.

If you want more security using cookies, you can capture a user's IP address when they initially subscribe. Then you can verify that the user both has a validating cookie and also is accessing from the same IP address they originally subscribe from. Of course, this limits the subscribe to using only their original IP address to access your site.