Steps to reproduce:
1. Open link to private jira in a browser without an existing jira session
2. Fill in email address to log in (but make a typo)
3. Enter password in the following screen that looks exactly identical to the "login screen" you're used to
Expected result:
Password is masked
Actual result:
Password is displayed in clear text
I tried to report this as a bug but Jira support website blocked me from doing so because I'm not an admin. Sad news: your best bug reports are going to come from people that aren't admins. Admins will likely filter out all the tickets they feel are not worth filing nor will they follow up for details.