When I was looking into the code for the secure store setup I came across some items which I think is incorrectly done.
First I notice that the password is not of secure string is that right?
```
# Set the field values
$secureUserName = ConvertTo-SecureString $unattendedAccount.UserName -AsPlainText -Force
$securePassword = $unattendedAccount.Password
$credentialValues = $secureUserName, $securePassword
```
2. The password field mask is set to false instead of true
```
# Set the account fields
$usernameField = New-SPSecureStoreApplicationField -Name "User Name" -Type WindowsUserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type WindowsPassword -Masked:$false
$fields = $usernameField, $passwordField
```
Hope you can fix it for the next version .
Cheers
Nicholas Ang
Comments: ** Comment from web user: prawnz **
First I notice that the password is not of secure string is that right?
```
# Set the field values
$secureUserName = ConvertTo-SecureString $unattendedAccount.UserName -AsPlainText -Force
$securePassword = $unattendedAccount.Password
$credentialValues = $secureUserName, $securePassword
```
2. The password field mask is set to false instead of true
```
# Set the account fields
$usernameField = New-SPSecureStoreApplicationField -Name "User Name" -Type WindowsUserName -Masked:$false
$passwordField = New-SPSecureStoreApplicationField -Name "Password" -Type WindowsPassword -Masked:$false
$fields = $usernameField, $passwordField
```
Hope you can fix it for the next version .
Cheers
Nicholas Ang
Comments: ** Comment from web user: prawnz **
I believe it is bad practice to have the password field not masked and ultimately should be a secure string. What do you think?