Free · No Signup

Hide Password in Screenshot

Cover password fields, reveal toggles, and autofill dropdowns.

🔒 No upload · Runs in your browser · Instant download

A single forgotten redaction on a login screen capture can expose production credentials to a public issue tracker. Black boxes over password dots and visible reveal states are mandatory hygiene.

HideShot processes screenshots locally so infosec teams can scrub repro steps without sending secrets to a SaaS image host. Include the username only if policy allows—it is often less sensitive than the password itself.

Mode
Shape

Drop your login screenshot here

Or click to browse · Paste with Ctrl+V also works

PNG · JPG · WebP · GIF
How It Works
1

Upload

Drop your image in or paste from clipboard.

2

Pick Mode

Black Box, Blur, or Pixelate.

3

Select Areas

Rectangle, oval, or freehand lasso — then hide what you selected.

4

Download

Hit Download PNG. Done.

When you only want to hide passwords from one specific audience, the goal is a clean cover that survives forwarding. On this page you'll hide a password that typically appears in a Wi-Fi setup screen on a router admin page or a Wi-Fi setup screen on a router admin page. The fields that need attention usually include a password manager autofill preview and a password manager autofill preview — and any nearby context that helps a reader reconstruct them. Getting this right matters because passwords are immediately reusable on any account that shares the same login pattern — credential-stuffing tools test leaked passwords against thousands of services.

People who reach this page are usually in one of three positions. The first is streamers whose Alt-Tab briefly showed a password field. The second is streamers whose Alt-Tab briefly showed a password field. The third is IT support staff handing off credentials between shifts. In all three, the screenshot or photo isn't the point — the work that needs to happen around it is — and hiding a password cleanly is the unblocking step between 'I shouldn't share this yet' and 'okay, sending'. HideShot is built specifically for that gap: drag, mark, download, get on with the rest of your day.

What to Redact — and Why It Matters

The first job is to inventory what's actually visible. For a password, the high-priority fields are any 2FA codes or recovery codes visible nearby, any 2FA codes or recovery codes visible nearby, and the password text itself. Less obvious but equally important is the URL of the service the password belongs to — it's the one most people forget on the first pass, and it tends to be the field that re-identifies everything you carefully covered above. Walk down the image once with a checklist mindset, marking each instance you find. In any password screenshot, also redact the username and the URL — without those, the password by itself is much harder to use.

The reason this matters more than 'general privacy hygiene' is concrete. temporary passwords are frequently reused by the issuing system across accounts in the same batch, so one leak compromises many. Separately, passwords are immediately reusable on any account that shares the same login pattern — credential-stuffing tools test leaked passwords against thousands of services. Both of those are real, documented patterns in fraud and harassment — not hypothetical. The two-minute redaction step you take before sharing is the single highest-leverage privacy move available to you for this kind of content, and it's the difference between an image that disappears into the recipient's workflow and one that becomes a permanent exposure.

HideShot handles a password entirely inside your browser. The image is loaded from your device into a local canvas; the redaction tools draw on that canvas; the exported PNG is generated by your browser's own rendering code. Nothing about the source file is transmitted to any HideShot server, because there isn't one in the path — the page is static, the JavaScript runs locally, and the only network traffic during the redaction itself is the page load that happened before you uploaded anything. For hide password in screenshot, that means the original never leaves your machine, the redacted version is generated locally, and you can use the tool with Wi-Fi turned off if you want to prove it to yourself.

Step-by-Step: How to Hide A Password with HideShot

  1. Open the HideShot canvas above and drop your image directly onto it, or click the upload area and select the file. The image loads locally — your browser reads it from disk, no upload happens.
  2. Zoom in until a password fills enough of the canvas for you to draw precisely around it. Precision matters: a generous margin protects you against character-edge bleed, but too generous and you cover useful context.
  3. Select passwords with the rectangle or lasso tool. Choose 'Blackout' to cover them with an opaque block.
  4. Sweep the rest of the image for the indirect leaks listed above — any 2FA codes or recovery codes visible nearby, any 2FA codes or recovery codes visible nearby, and anything in the surrounding chrome (URL bar, sidebar, timestamps) that could help a reader reconstruct what you just covered.
  5. Download the finished PNG. The export is a flattened image: the redacted pixels are baked in, the original pixels under your black blocks are gone, and the file is safe to share through whatever channel you were planning.

Common Mistakes When Hiding A Password

Sharing the screenshot anywhere and assuming a password change later will fix it. Once shared, assume captured. Rotate the password before sharing, redact for the receiver's reference, and rotate again after. Reused-password lists circulate for years.

Covering the password but leaving the recovery-code grid visible. Recovery codes function as permanent backdoor passwords. Treat them with at least the same care as the primary password.

Using a single black bar that doesn't cover the password's pixel-shadow edges — bold fonts often render with antialias halos that survive a tight crop. Bold passwords have visible character height even under a moderate bar. Use a tall, wide rectangle with generous margin, especially on retina-density captures.

Black Out vs Blur vs Pixelate — Which to Use

For hide password in screenshot, the three options behave differently. Blur is fast and visually soft, but at small radii the original shape of passwords survives well enough for OCR or human reconstruction at 2x zoom. Pixelation breaks passwords into colored blocks — at 12-16 pixel block size it defeats both human reading and modern depixelation models, and it's the right choice when you want visible 'something was here' without revealing the data. Black-out (solid opaque block) is the strongest option: there is no signal under the block to reconstruct, and reviewers immediately understand the field was intentionally hidden. Hiding passwords with a solid block is the most reliable choice. Blur reads as softer but allows reconstruction at low radii.