Start Exploring Keyword Ideas

Use Serpstat to find the best keywords for your website

How-to 8 min read September 26, 2019

What is <input type = "password"> and how does this field threaten the user's security

Using <input type="password"> on web pages with the HTTP protocol is unsafe because hackers can steal user data. User data protection is provided by using the HTTPS protocol.

Using <input type="password"> in data input forms on websites

The password input element <input type="password"> is designed to register users on websites. Normally, the text typed in by the user in this field is replaced for security reasons with special characters: stars or dots.

On mobile devices, the entered character is usually shown for a second so that the user can verify that the text typed on a small virtual keyboard is correct.

In this field, you can add an identifier or a name:
<input id="Pass_of_user" type="password">
<input type="password" name="my_password">
Transmitting data entered by the user over the insecure HTTP protocol is dangerous to transmit as this creates the risk of various hacker attacks.

There are the following options of unprotected use of user data:
When sending the form code via the HTTP protocol, a hacker can change this code and add a script to it that intercepts data. Also, a different address can be entered in the form to which the user's personal information will be sent.
If the data entered by a user is transmitted via the HTTP protocol, the information passes over the network in an unencrypted format. In this case, the user password can be intercepted by the system administrator, Internet provider and other persons.
Placing the form inside frames transmitted over HTTP, even if the main page is transmitted over HTTPS. With this option, the frame code can be stolen and modified.

Protecting user data using HTTPS

Due to the insecurity of the HTTP protocol, you must use HTTPS on any websites that utilize user data. This protocol is designed to protect users' personal data from interception and modification.

Browsers display warnings about the insecure connection to inform users of a potential threat on websites using the HTTP protocol. In Google Chrome, there is a more forceful wording:
Unprotected site connection in Google Chrome
One survey found that nearly half of users have a bad reaction to 'not secure' browser warning. However, 46% of respondents said that they would not enter their names or financial information into a website that was not secure, and 64% of survey participants said they would leave the website "instantly".

Resource insecurity warnings can also affect brand reputation. Given the aggregate evidence that the HTTPS protocol is a ranking factor and the impact of browser warnings on visitor behavior, experts unequivocally recommend switching to a secure protocol.

You must use an SSL certificate in order for the website not to have a message that scares potential customers; in that case, a browser message will inform you about the website's security:
Secure connection in Google Chrome

Why is it important to ensure the safety of users' personal data on all websites

There are situations when news and entertainment websites where visitors do not enter confidential and financial information do not treat storing data about usernames and passwords responsibly. In this case, there is a high threat to user security who use the same sets of logins and passwords on several websites.

Hackers can attack a news portal, obtain passwords and logins, and then use them on other websites containing important financial information, for example, online banking services. Accordingly, ensuring the security of personal data depends not only on the competent actions of website developers but also on the users themselves.

There are certain rules for using passwords that will minimize the risk of identity theft. Some data protection guidelines apply to website owners, others apply to users.

Recommendations for administrators:
The password length should complicate the hack by the exhaustive search method. The optimal length is more than six characters, among which there are letters of various cases, digits, and special characters.

The password entered by a user must be checked for compliance with these requirements.
Account blocking should be implemented on websites if the password is entered incorrectly for a particular number of times.

For example, if you type your password incorrectly three times, your account can be blocked for several minutes or longer. This will greatly complicate hacker attacks with password guessing.
Regular change of passwords after a certain period of time. A hacker may need over 90 days to crack a complicated and long password via password guessing.

Therefore, by inviting users to change passwords every 60 or 90 days, it is possible to ensure the safe storage of their personal data.
It's useful to rename administrator accounts from popular Administrator or Admin names to individual ones for website security reasons. It is also important that such accounts with wide authority have the most complex passwords which should be regularly updated.

Otherwise, there is a risk of being hacked by the automated password guessing (brute force) software.
You can audit passwords of the website users, trying to independently crack them with hacker tools. This will help to identify security problems before attackers do it and eliminate them by modifying the website or by pointing out to careless users at their mistakes.
Recommendations for users:

  • it is advisable to use meaningless combinations of letters and symbols that are not related to personal information;
  • passwords for different websites should be different. If you cannot remember them, you can use password managers. However, in this case, you must carefully select a complex password for this tool.

You can install LastPass: Free Password Manager that allows storing passwords, addresses, and other data securely for auto-filling forms:
Password Manager LastPass: Free Password Manager for Google Chrome


The security of transferring and storing user data is one of the priorities in the operation of any website.
You can protect your personal data using the HTTPS protocol.
It is important to monitor the strength of passwords entered by users by adding appropriate checks and recommendations.
It is useful to regularly suggest changing the password in user accounts to mitigate the risk of cracking them.
Administrator passwords should be as complex as possible, you must remember to change them as often as possible.
This article is a part of Serpstat's "Site Audit" tool
SEO Audit in Serpstat" title = "What is input type = "password" and how does this field threaten the user's security 16261788343416" />
Audit all the site or page in one click. A complete list of errors, sorted by severity, ways to resolve them and recommendations. Any frequency of verification and automatic email reports.
Run Site Audit

Speed up your search marketing growth with Serpstat!

Keyword and backlink opportunities, competitors' online strategy, daily rankings and SEO-related issues.

A pack of tools for reducing your time on SEO tasks.

Get free 7-day trial

Rate the article on a five-point scale

The article has already been rated by 0 people on average out of 5
Found an error? Select it and press Ctrl + Enter to tell us

Discover More SEO Tools

Tools for Keywords

Keywords Research Tools – uncover untapped potential in your niche

Serpstat Features

SERP SEO Tool – the ultimate solution for website optimization

Keyword Difficulty Tool

Stay ahead of the competition and dominate your niche with our keywords difficulty tool

Check Page for SEO

On-page SEO checker – identify technical issues, optimize and drive more traffic to your website

Share this article with your friends

Are you sure?

Introducing Serpstat

Find out about the main features of the service in a convenient way for you!

Please send a request, and our specialist will offer you education options: a personal demonstration, a trial period, or materials for self-study and increasing expertise — everything for a comfortable start to work with Serpstat.




We are glad of your comment
I agree to Serpstat`s Privacy Policy.

Thank you, we have saved your new mailing settings.

Report a bug

Open support chat
mail pocket flipboard Messenger telegramm