Password Input
Secure password field built on Input, with show/hide toggle and accessibility best practices.
Secure password fields for auth flowsLink to section
The PasswordInput component is a specialized input for password and secret fields.
It builds on top of the base Input component and adds a secure show/hide toggle with keyboard and screen-reader support.
Use it for:
- login forms
- registration forms
- password reset flows
- password change forms
- account security settings
- onboarding flows that require credentials
Core idea
PasswordInput is for secret text. It should preserve password semantics while giving users a safe way to verify what they typed.
ImportLink to section
import { PasswordInput } from "@pycolors/ui";Basic usageLink to section
import { PasswordInput } from "@pycolors/ui";
export function BasicPasswordInput() {
return (
<PasswordInput
label="Password"
placeholder="••••••••"
/>
);
}When to use PasswordInputLink to section
Use PasswordInput when the value should be hidden by default and revealed only by explicit user intent.
Authentication
Use for login, registration, and reset-password forms.
Password lifecycle
Use for current password, new password, and confirmation fields.
Security settings
Use in account security flows where users manage credentials.
BehaviorLink to section
PasswordInput is controlled internally for visibility.
It:
- defaults to
type="password" - toggles between
passwordandtext - uses a semantic button for the toggle
- supports mouse and keyboard interaction
- exposes accessible toggle state with
aria-pressed - reserves the right icon area for the visibility toggle
Security rule
Revealing the password should always be an explicit user action. Never show secret values by default.
With helper textLink to section
Use helper text to explain password requirements.
Use at least 8 characters with one number.
import { PasswordInput } from "@pycolors/ui";
export function PasswordInputHelper() {
return (
<PasswordInput
label="Password"
placeholder="••••••••"
helperText="Use at least 8 characters with one number."
/>
);
}Validation errorLink to section
Use error to show field-level password validation.
Password must be at least 8 characters.
import { PasswordInput } from "@pycolors/ui";
export function PasswordInputError() {
return (
<PasswordInput
label="Password"
placeholder="••••••••"
error="Password must be at least 8 characters."
/>
);
}Validation rule
Keep password errors specific. Avoid vague messages like “Invalid password” when the user can fix the requirement.
SizesLink to section
PasswordInput supports the same size API as Input.
import { PasswordInput } from "@pycolors/ui";
export function PasswordInputSizes() {
return (
<div className="flex w-80 flex-col gap-3">
<PasswordInput size="sm" label="Small" placeholder="••••••••" />
<PasswordInput size="md" label="Medium" placeholder="••••••••" />
<PasswordInput size="lg" label="Large" placeholder="••••••••" />
</div>
);
}Available sizesLink to section
| Size | Purpose |
|---|---|
sm | Dense settings screens or compact forms |
md | Default password field size |
lg | Auth pages, onboarding, and high-emphasis forms |
Usage patternsLink to section
Use a clear labelLink to section
Labels such as Password, Current password, New password, and Confirm password are direct and predictable.
Add requirements close to the fieldLink to section
Use helper text for requirements before validation, then error text when the user needs to fix something.
Keep reveal behavior predictableLink to section
The reveal toggle should only change visibility, not validation, focus, or field value.
Validate outside the componentLink to section
PasswordInput displays validation state. Your schema, server, or auth layer defines the rules.
Use native autocompleteLink to section
Add autoComplete values such as current-password, new-password, or one-time-code when relevant.
PasswordInput vs InputLink to section
| Situation | Use |
|---|---|
| Password field | PasswordInput |
| Current password | PasswordInput |
| New password | PasswordInput |
| Confirm password | PasswordInput |
| Email, name, URL, search | Input |
| Secret token with reveal behavior | PasswordInput or custom secret input |
| Long secret value | Custom textarea-like secret field |
Decision rule
Use PasswordInput when the value is secret and benefits from a visibility toggle.
APILink to section
Props
PasswordInput exposes the same API as Input, except:
typeis controlled internallyrightIconis reserved for the visibility toggle
| Prop | Type | Default | Description |
|---|---|---|---|
label | string | — | Accessible label above the field |
helperText | string | — | Helper text below the field |
error | string | — | Validation error message |
leftIcon | React.ReactNode | — | Optional icon rendered on the left |
size | "sm" | "md" | "lg" | "md" | Visual density |
className | string | — | Tailwind override |
autoComplete | string | — | Native autocomplete hint |
All other supported Input props are forwarded.
TypeScript typesLink to section
import type { InputProps } from "@pycolors/ui";
export interface PasswordInputProps
extends Omit<InputProps, "type" | "rightIcon"> {}AccessibilityLink to section
PasswordInput is designed for accessible credential entry.
Guidelines:
- the visibility toggle is a real button
- the toggle should expose
aria-label - the toggle should expose
aria-pressed - icons should be decorative and use
aria-hidden - the input preserves native password semantics
- labels, helper text, and errors follow Input behavior
- use appropriate
autoCompletevalues - do not remove focus rings from the toggle or field
Recommended autocomplete values:
| Context | autoComplete |
|---|---|
| Login password | current-password |
| Register password | new-password |
| Reset password | new-password |
| Confirm password | new-password |
Accessibility rule
The reveal control must be keyboard accessible and must clearly announce whether the password is currently shown or hidden.
Prefer / avoidLink to section
Prefer
- clear password labels
- helper text for requirements
- specific validation messages
- native autocomplete values
- accessible reveal toggle
Avoid
- showing passwords by default
- vague errors like “Invalid password”
- custom right icons that conflict with reveal
- placeholder-only password fields
- validation rules hidden inside the UI component
Product copy guidelinesLink to section
Password copy should reduce friction without weakening security expectations.
Label examples
Password, Current password, New password, Confirm password.
Helper text examples
Use at least 8 characters. Use a password you do not use elsewhere.
Error examples
Password must be at least 8 characters. Current password is required.
Common questionsLink to section
RelatedLink to section
Base text input used by PasswordInput.
Build predictable forms with validation, loading, and error states.
Use PasswordInput inside real auth, reset, and password lifecycle flows.
Build accessible credential inputs with labels, errors, and keyboard support.