Many computer systems utilize secretly held information for access control and other purposes. Web pages, operating systems, computer programs, and other applications often utilize passwords as a way of authenticating users, where successful authentication is a prerequisite for access to data and/or application functionality. The use of passwords and other secret information, however, often involves competing goals. To enhance security, for instance, password requirements are frequently imposed to increase entropy and, consequently, increase the difficulty of an attacker guessing or otherwise determining the values of passwords. Such requirements may require special characters, multiple types of characters, and other conditions to be met so that passwords differ from words found in dictionaries which may be used for dictionary attacks. Many applications also increase security by preventing passwords from being displayed or otherwise presented, thereby preventing potential attackers from surreptitiously viewing the screen of another to obtain their password. Commonly, characters in a password are replaced with a single character, such as a dot or asterisk. This allows users to see how many characters have been input, but not the individual characters.
The use of passwords and other secrets additionally comes at the expense of usability. In addition to visual and other feedback preventing users from knowing if they have entered a password correctly, passwords are often requested/required on mobile devices which have relatively small screens. On-screen virtual keyboards, for instance, often have individual keys that are smaller than users' fingers, thereby making it very easy to mistype characters in a password. When the characters entered for a password are obscured, users are unable to detect input errors until passwords have been submitted and rejected. One solution to the problem of usability is to simply show passwords on screen in the fields into which the passwords are input. Many keyboard applications, however, have advanced functionality whereby the applications record words that have been input and provide such words as suggestions in the future (e.g., when the first few letters of a word have already been typed). As a result, showing the password often comes at the expense of revealing the password at a later time, perhaps to an unauthorized user as a suggestion for a word being typed.