There’s a problem with some software user-interfaces, such as graphical shells, text-based shells, web browsers, etc. where the software needs to prompt the user for a secret (e.g. a PIN or master password) but the user can’t be sure that it’s a bona fide request from the software system itself, or some application, web page, or add-in that is pretending to be the system.

Seems to me like the solution to this problem is to have the system software do something that an application/web-page/add-in cannot do, and this leads me to think there should be a small area of a screen in a graphical user interface (textual UI is left as an exercise for the reader) which only the system software can manipulate.

If only the system can manipulate this small part of the screen then it’s a safe place to provide secrets to the system. Also, colour code be used by this reserved part of the screen to indicate when the input focus was active or not. So red on blur and green on focus.

In a web application the reserved part of the screen could be a drop down from the top of the screen over the address bar and toolbars, for an operating system it could be where the ‘Start’ menu button is. It will continue to display even when your app is in full screen mode, except perhaps if you temporarily turn it off during a presentation or game (although there may be some risk attached to allowing that temporary disablement).