Well, at least you have at least one other option which does not require coding.
You can setup a field security profile:
By the way, if you are not familiar with the field security profiles yet, you will need to read this:
What may not be clear is that you can allow “update” and “create” without giving “read” permissions.
As a result, a user who is not a system administrator, and who has been assigned that kind of field security profile will see masked values when he/she will be looking at the data:
Yet such a use will still be able to enter new value into the protected field:
Still, it’s a quick and robust solution: it works everywhere (on the forms, in the views, in the reports), and it does not take long to set up a field security profile.
Interestingly enough, if you know how to update customizations.xml file, it seems there is an attribute that you can add to the file manually and that is supossed turn an input control into a password control:
However, it did not really work for me when I tried. It did, but in some strange way – here is what I got:
It does not depend on the browser – it was exactly the same behavior in both Edge and Chrome.