There is some debate at the moment that suggest that over the shoulder password copying is not the problem it used to be and by obscuring the password using * actually deters people from using more complex passwords in the first place, it also goes against usability guidelines.
I recently had to create a login dialog for a Flex application – to log into Domino using Session based authentication and wondered if there was a better way.
I liked the look of this idea – allow the password to be entered in the clear but replace with * when the focus is lost. This way if for any reason the dialog is left on the screen the password is obscured when your not actually entering it.
Heres a Demo. (a little slow to load but view source enabled)
Watch how the password is masked when focus is lost. Out of interest if you attempt to login you will see the error message a user will see.
Another method might be to implement the iphone method – here as each password character is entered its displayed in the clear for a couple of seconds and then masked.