Its important to know why the system is functioning the way it is. Thought I share some info.
The reason why this is the case is that form object masks the password and encrypts it when its entered. The presentation of the field is a generic 'mask' as to not give any indication about what characters there are on the field.
Certain pieces of information can make things easier to hack such as:
- Number of characters
- Valid alpha-numeric characters
- Valid special characters
- Personal information about the user (birthday, street address, full name, pets, first date location, etc).
- Does the person care about security (will have a bad password more than likely...)
Also, you can't just go into the AX DB and pull the data out. Its stored encrypted. Nice try.