Web-based forms are used to collect information from users, such as payment information—e.g., credit card number and expiration date—required by an electronic commerce site to complete a transaction. To protect the confidentiality of such information, especially for the benefit of users who may be entering data in a public place and/or using a computer that may be used by others after the user is finished, a password or similar field has been used to collect confidential information. When a password field is used, however, typically the value being entered is not displayed, which may result in data entry errors not being detected by the user prior to submitting the form for processing. For example, a user may not realize that the user has made an error in entering and/or modifying a credit card number that is sixteen digits in length if the number is not displayed while it is being entered and/or edited. One alternative approach is to use a text field for entry of such data and then forcing the page to be refreshed if returned to after a loss of page focus (e.g., another page viewed and/or another application or other window outside the browser selected). Using this approach, the protected value is displayed so long as the user remains on the same page, but a subsequent (or the same) user cannot view the protected value merely by navigating back to the page; instead, such a subsequent viewer sees the page as refreshed, with the previously-entered protected value omitted. However, the latter approach may fail to prevent disclosure of the protected value if the browser software, due to error or otherwise, fails to force a refresh of the page.