I guess you can try extract the text out of the password field and see if matches to your actual password. If it does, you know its not encrypted. I haven't tried this but makes sense when I think about it!
In my sense no where the actual password should be placed in the code (security issue)
And I really confused what is your intension of using bitmap checkpoint for it.
simply , Encrypt the password from the QTP tools , and place it in dbtable and later compare it with the code one ..thats it
I've a web application in which once the user logs in and checks his profile, the password should be displayed as masked. I was using bitmap checkpoints for this field to verify that the field is masked. I think TReddy's solution looks good to me but it only checks if it is a password field not the UI part of it. If there is any other way to verify that the password field is displayed as dots(.), it would be good.