We have had an ongoing issue with certain types of Co-Browse sessions where the CSR can see the customers password when they are Co-Browsing. We have applied a number of configuration changes and for the most part are no longer experiencing the issue with the exception of users that are using Sfari as their browser on their phone.

When a customer initiates a C-Browse session (from their phone using Safari) and attempts to login and/or set their password, they can click "Show" and the password shows for the CSR. We have made a number of configurations within the Co-Browse Admin console to apply Masking or Hide on the Password fields but Safari doesn't apply the masking. Other browsers do.

Is there something we need to be doing differently when applying masks?