saving variables after redirect

You could store the password as a transient, then pass the transient key in the URL instead so it can be retrieved using that key on the next page.

function process_my_form() {

        if ( ! empty($_POST['password']) ) {
            $password = ($_POST['password']);
        } else {return;}

        /* Store Password via Transient API */
        $passkey = wp_generate_password(12, false);
        add_transient($passkey, $password, 300);

        wp_safe_redirect( esc_url_raw( add_query_arg( 'passkey', $passkey, '/secure-window' ) ) );
        exit;
}
add_action( 'admin_post_process_my_form', 'process_my_form' );
add_action( 'admin_post_nopriv_process_my_form', 'process_my_form' );

/* Example */
function process_password() {

    if ( !strstr($_SERVER['REQUEST_URI'], 'secure-window' ) {return;}
    if ( !isset($_POST['passkey']) ) {return;}

    $passkey = $_POST['passkey'];
    $password = get_transient($passkey);
    delete_transient($passkey);

    /* ... ... */
}
add_action( 'init', 'process_password' );