Make Non-Password Inputs Use Bullets (or Bullet Alternatives)

This works on texty inputs (e.g. text, email, etc) but you cannot change actual password inputs. Use case = ???.

input { -webkit-text-security: none; }
input { -webkit-text-security: circle; }
input { -webkit-text-security: square; }
input { -webkit-text-security: disc; /* Default */ }


  1. User Avatar
    Thierry Koblentz
    Permalink to comment#

    Hi Chris,
    I don’t think authors can really use this as I think WebKit does not let you overwrite the styling of input type=”password”

    • User Avatar
      Chris Coyier
      Permalink to comment#

      But it works, checkout the Reference URL.

    • User Avatar
      Thierry Koblentz
      Permalink to comment#

      No it does not.

      As Stephanie Sullivan noted, the “/” after “password” makes the browser treat it as “text”.

      <p><input type=password /></p>

      Fix the markup in the fiddle, you’ll see that it stops working.

    • User Avatar
      Chris Coyier
      Permalink to comment#

      Hm yeah interesting. Here’s a simplified fiddle

      I didn’t change the markup as <input type=password /> is perfectly valid. It doesn’t change the type to text, it just doesn’t let you change the styling. It’s locked down somehow.

      I’ll change the snippet to explain that it only works for text(ish) inputs. (I tried it on type=email and it worked there).

    • User Avatar
      Thierry Koblentz
      Permalink to comment#

      We thought that it was the “/” in there that somehow changed things, because if I recall removing it showed a different behavior.

      But now that I try the reference URL I can’t reproduce the behavior!??

      Did you ever see that working on input with type=password? I thought it used to…

      In any case, as I suggest in my first post, and as Tab Atkins confirmed, there is no way to overwrite that :-(

  2. User Avatar
    Sunny Singh
    Permalink to comment#

    I wonder what would be the use case behind this, changing the default password bullets feels like it will confuse a lot of users.

  3. User Avatar
    Permalink to comment#

    You can go into “inspect element” in chrome and change it from “disc” to “none” and it will show the actual letters. So, what purpose then will this serve?

    • User Avatar
      Permalink to comment#

      When you’re setting someone’s password. Something like typing password on wirelless access points.

  4. User Avatar
    Permalink to comment#

    im trying to change the a password input character to square without success i tried to look it up couldn’t find any resource that tells u hoe to do it.
    thank you,

  5. User Avatar
    Permalink to comment#

    One purpose for webkit-text-security is to create a PIN code input on iOS and Android that uses the native number keyboard instead of the alphanumeric. Basically: will get you the numeric keyboard, and setting webkit-text-security will get you the hidden entry! I also use autocomplete=’off’ to ensure that the PIN couldn’t be auto-populated.

    • User Avatar
      Permalink to comment#

      Meant to say – basically: <input type='tel'> will get you the numeric keyboard…

    • User Avatar
      Permalink to comment#

      Hello Kinergy. This is exactly what I am trying to acheive but it does not function.
      Currently I have an input like this:
      <input type=”tel” name=”myInput” id=”myInputID”/>

      And CSS thus:

      -webkit-text-security: disc;

      I have tried it inline and a specific class but neither work. I am using Android ICS. Any hints on how you got this working :-)

    • User Avatar
      Permalink to comment#

      In the end I wrote Javascript to take the input from a tel input field and replace it with asterisk looks just like a password input but with the numeric soft keyboard. Interesting to know why the CSS did not function though.

  6. User Avatar
    Permalink to comment#

    Hi Martin,

    It appears that 3rd party keyboards don’t obey this – I tried with a Swype keyboard and it didn’t work, but it did work with the standard Android keyboard!

    Maybe that was why it didn’t work for you?


  7. User Avatar
    Permalink to comment#

    of course like your web-site however you have to check the spelling on several
    of your posts. Many of them are rife with spelling problems and I in finding it very
    bothersome to inform the reality nevertheless I will definitely come
    again again.

  8. User Avatar
    Permalink to comment#

    It supports in chrome,Safari .How to do this for other browsers.

  9. User Avatar

    Thanks for the quick tip, I had a problem with a type=’password’ and this really saved me from re-writing a big part of my css.
    Btw in fiddle it seems to not be a difference between -webkit-text-security: disc and circle, am I missing something? I am on chrome latest version.

  10. User Avatar
    Permalink to comment#

    Hi ,
    I am working in Cross Platform ,I develop Single code base and run it on all other platform like android,ios,windows and Blackberry.
    I used -webkit-text-security: disc; to replace the input with disc and it works only on few devices and doesn’t support all platform(windows phone 8 and android S2).Once i done research on it i come to know that it is because webkit support only few please help me out to solve this issue.

    Thanks in advance.

  11. User Avatar
    Permalink to comment#

    Hi ,

    I am using jsf input text field in my application,this should be used in both desktop and mobile onclick on text field it should enable numeric keypad.can anyone help me on this?

  12. User Avatar
    Permalink to comment#


    can anyone help me on this.

    iam searching for Equivalent of -webkit-text-stroke for FF .

  13. User Avatar
    Murlidhar Chaugule
    Permalink to comment#

    I have used this in the mobile app of phonegap. but it is not working in some android versions. Can somebody help ?

    It is not working on a Sony Xperia (4.0.4) and Samsung Duos (4.2.2).

  14. User Avatar
    Vijaykumar A
    Permalink to comment#


    I need bullets for non-password fields. The code working fine in chrome, but it is not working in Fire fox.

    Any help will be appreciated.

    • User Avatar
      Permalink to comment#

      Same problem. -webkit properties only work in Chrome. There is no support for other browsers. How can we achieve that?

  15. User Avatar
    Paul Christian

    I’m confused …. I just ask a question …this webkit-text-security …make the password turn into like this ************** …that asterisks ?

  16. User Avatar
    Joel Caton
    Permalink to comment#

    Thanks for posting this. It helped on a cordova project I am working on.

  17. User Avatar

    Use case: double-blind inputs. A pair of inputs that requires the exact same text to be entered in both. If they don’t match, then the inputs are cleared (as if they had entered nothing).

    You may think this is password-only, but it also helps when entering Socials, DoB etc. for user identification.

  18. User Avatar
    Sathya T
    Permalink to comment#

    This works well.. But we are facing problems in iphone. When entering the values in gift cart pin number, the iphone considers as a password field and asking us whether to save this or not.
    Note : the above css is applied to the pin number field of the gift card. Issue occurs in ios10 safari

  19. User Avatar
    Permalink to comment#

    So here is some terrible advice, for many reasons, most importantly, this is bad for a11y. BUT, for science, here is a way to have a password field… that isn’t a password field.

  20. User Avatar
    Permalink to comment#

    I tried your code

    Chrome Version 61.0.3163.100 – works as advertised :)
    Opera 48.0.2685.35 – works as advertised :)

    IE 11.0.9600.16428 – password text displayed as readable :(
    FireFox 55.0.3 – password text displayed as readable :(

    any idea why that would be?

  21. User Avatar
    Permalink to comment#

    Check out It replaces the bullet by using an icon font. So any icon can be used!

  22. User Avatar
    Kevin Smothers
    Permalink to comment#

    It’s important to note that none of these are secure what-so-ever. I’m researching a solution for this and when I come up with one I will share it.

    Always remembers…..

    That -webkit-* means browsers that support webkit (firefox does not for example).
    A user could inspect element with all of these answer and see the real value of the input.

    So if you’re using chrome and you’re only trying to obfuscate the input value from people looking over a user’s shoulder, then -webkit-text-security: square; is fine, but if you actually need security, none of these will work ….unfortunately.

    The only real answer will involve JavaScript. In reality, we’re probably going to have to grab the user input, store it in one variable that’s connected to your form model, and then convert it to some other character like an asterisk * and replace the input value with the values of the obfuscated variable. This will of course need to be done on keyup.

    Sadly, my potential solution is most likely going to be a bear to implement. I’ll update later after I’ve written the code and had an opportunity to get in front of IE and Edge to test it appropriately.

  23. User Avatar
    Permalink to comment#

    The input-password-bullet example I shared is secure, in as much as any typical password type input is secure, because it’s replacing the font of the password type input.

  24. User Avatar
    Permalink to comment#

    @kevin Smothers, its worth notign that while you are sort of correct (depending on what the goal is/use is for this field), technically, the type=”password” field is ALSO not secure. As one can just inspect the element, and change type to “text” so, actually, webkit-text-security is just as secure as the default password field that it is trying to mimick, as long as you put in fallbacks for unsupported browsers.

Leave a Comment

Posting Code!

You may write comments in Markdown. This makes code easy to post, as you can write inline code like `<div>this</div>` or multiline blocks of code in triple backtick fences (```) with double new lines before and after.

Code of Conduct

Absolutely anyone is welcome to submit a comment here. But not all comments will be posted. Think of it like writing a letter to the editor. All submitted comments will be read, but not all published. Published comments will be on-topic, helpful, and further the discussion or debate.

Want to tell us something privately?

Feel free to use our contact form. That's a great place to let us know about typos or anything off-topic.