from link:http://javascript.about.com/od/hintsandtips/a/worst_2.htm
<2>Password Protection:
The second biggest mistake people starting out with Javascript make is to try to use it to set up a password protected area on their site. What most people creating such scripts tend to forget is that Javascript is open source and therefore anyone with a decent knowledge of Javascript can read your Javascript code to find out what the password is that it is testing for (no matter how it is encrypted).
There are a couple of ways that you can make the password protection slightly more effective with Javascript such as not coding it in the script but having the password as the name of the file containing the page or alternatively by encoding it within the password protected page itself but even these methods can be bypassed.
The other disadvantage of such methods is that they only allow you to set one password instead of one per person. Once the password becomes known to those you don't want accessing the page your only option is to change the password and let everyone you do want to have access what the new password is. Of course there is nothing to stop them all telling their friends so you can expect that at least some people who are not supposed to have access to the page will know the new password within a few minutes of when you set it.
If you want real password protection on your web site then use the server side options that you have available rather than trying to use Javascript. Server side solutions are at least potentially secure from anyone trying to break into your site
from link:http://javascript.about.com/od/hintsandtips/a/worst_2.htm
<2>Password Protection:
The second biggest mistake people starting out with Javascript make is to try to use it to set up a password protected area on their site. What most people creating such scripts tend to forget is that Javascript is open source and therefore anyone with a decent knowledge of Javascript can read your Javascript code to find out what the password is that it is testing for (no matter how it is encrypted).
There are a couple of ways that you can make the password protection slightly more effective with Javascript such as not coding it in the script but having the password as the name of the file containing the page or alternatively by encoding it within the password protected page itself but even these methods can be bypassed.
The other disadvantage of such methods is that they only allow you to set one password instead of one per person. Once the password becomes known to those you don't want accessing the page your only option is to change the password and let everyone you do want to have access what the new password is. Of course there is nothing to stop them all telling their friends so you can expect that at least some people who are not supposed to have access to the page will know the new password within a few minutes of when you set it.
If you want real password protection on your web site then use the server side options that you have available rather than trying to use Javascript. Server side solutions are at least potentially secure from anyone trying to break into your site