Nsec is unmasked by default in the login dialogue; should be masked

<Note: random characters typed into the field, not an actual nsec>