MASTG-KNOW-0121: Text Input Field Masking in iOS

iOS provides dedicated APIs to mask text entered in input fields, replacing visible characters with bullet characters. This helps prevent entered text from being observed on-screen by bystanders, shoulder surfing, and may help protect the text from some forms of screen capture or broadcast.

UIKit: UITextField and isSecureTextEntry

In UIKit, the UITextField class adopts the UITextInputTraits protocol, which exposes the isSecureTextEntry property. When set to true, the field masks characters as they are typed. The default value is false.

Setting this property also disables copying from the field and disables automatic text entry suggestions from the keyboard.

let passwordField = UITextField()
passwordField.isSecureTextEntry = true

The property can also be toggled at runtime, for example to implement a "show/hide password" button:

textField.isSecureTextEntry.toggle()

SwiftUI: SecureField vs. TextField

In SwiftUI, SecureField is the designated component for masked text entry. Use it when you want the behavior of a TextField, but want to hide the field's text. Unlike UITextField, there is no isSecureTextEntry property to configure on SecureField, masking is always active.

// Masked: use SecureField
SecureField("Password", text: $password)

// Unmasked: use TextField (not appropriate for sensitive input)
TextField("Username", text: $username)

Other Input Controls

Controls that adopt UITextInputTraits may also expose isSecureTextEntry, though masking is rarely appropriate for multi-line text views.

Custom input controls that bypass UITextField or SecureField entirely, for example, those implemented in game engines or cross-platform UI frameworks, do not inherit these masking mechanisms and must implement their own.