The Progress fill-in widget has a :blank attribute that you can use when creating a password field. But most Windows applications use asterisks instead of blanks.
It's fairly simple to have asterisks (or any other password-character) in Progress too:
{windows.i} DEFINE VARIABLE ReturnValue AS INTEGER NO-UNDO. RUN SendMessage{&A} IN hpApi (fill-in_password:HWND, {&EM_SETPASSWORDCHAR}, ASC("*"), 0, OUTPUT ReturnValue).
The third parameter is the new passwordchar. When 0, you disable the password feature.
You may have trouble reading fill-in_password:screen-value so instead you have to ASSIGN the fill-in and test the associated field or variable.
There is a small security risc: if you use debugtools like Spy++ you will see the contents of the fill-in in readable format, e.g. with no asterisks. This means it is fairly simple for a hacker to create a program that logs your passwords. This is not only true for this particular fill-in, but for every password field in MS-Windows. The normal :BLANK attribute however can not be spied: it only shows blanks.