Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.