Enabling pwfeedback in sudo by default on Workstation?

What would be everyone’s thoughts on having pwfeedback enabled by default? (makes sudo show asterisks when asking for a password). The desktop (and even Plymouth when it asks for encryption keys!) show visual feedback on password entry, but sudo doesn’t (by default.) In my opinion, this causes inconsistency and makes things harder for complete newbies.

EDIT 2024-10-01: Changed the title to specifically mention Workstation, since in theory each Spin could do whatever with this (if I’m reading correctly) and Workstation is the main target of this.

9 Likes

Hmmm, I haven’t thought about this in years — thanks for bringing it up. I think it’s a reasonable suggestion, especially since other password prompts on the desktop act that way.

2 Likes

“oh, cool someone replied!”
checks bio

it’s the project leader

O_O

1 Like

Yeah, I think this makes sense. Even as an experienced Linux user there are times when I’m not sure I’m actually typing the password or not. :slight_smile:

The main argument against it would be that it would allow someone shoulder-surfing or otherwise able to view the console to know the length of the password. I don’t find that compelling for the default user, especially since we have that kind of feedback in other places.

3 Likes

Yeah, plus there doesn’t seem to be much concern over shoulder-surfing with GNOME password dialogs or Plymouth. >w<

EDIT: realized you meant that above. Online conversation is fun.

There are also other distros, notably Mint, that enable this by default in their installations. :stuck_out_tongue:

I think this is a reasonable distro-wide (that is, for all variants) change to consider, since it’s a strange default to not show feedback when typing. There are also implications for remote connectivity: if you don’t see feedback, you cannot tell if your typing actually made it over to the other side and that can result in you inadvertently mistyping.

1 Like

Also, in 2024, if you are worried enough about someone snooping over your shoulder to gain information about your password length… why are you still using passwords?

2 Likes

@mattdm Should I submit a change proposal for this? I assume it’s probably a bit late to submit a change for F41 (the freeze is in less than two weeks O_O) but I’d love to actually get this to the right places for F42/43.

I’m pretty new to the project (only made minor contributions to Ask Fedora, the unofficial Discord, and some small documentation, and when I say minor I mean pedantic-level OCD-fuelled nitpicks), but I’m trying to learn how the change proposal process works as I’m typing this (I have the YT video opened on my T480 while I type.)

Hi @skyeforeverblue, you can absolutely submit a change proposal for this. There’s a template here. The change template is maybe slightly intimidating if you haven’t contributed to Fedora before, but it’s manageable and your change is pretty simple so it shouldn’t be too hard to prepare. Feel free to ask here or in #devel:fedoraproject.org on Matrix if you have questions.

3 Likes

No, since nobody else does it.

It’d make Fedora the only OS to do it, and I imagine everyone else has good reason not to be doing it as a default (and would question why Fedora is doing it differently, which had better be better than the reasons others aren’t doing it :stuck_out_tongue: )


As for the change itself, I don’t really care about it :stuck_out_tongue: Asterisks aren’t helping me with what the character actually is, and if I mistyped a character it’ll still be mistyped as an asterisk. If I feel I mistyped a character, I backspace blindly until I feel I got rid of enough of it and retype it.

Adding asterisks doesn’t necessarily benefit me, but adds extra data to anyone eavesdropping on password length.


It can be an option for people that want it, but I don’t agree with it being a default. I believe it to be reducing a good security practice as a minor user “convenience”, and don’t like the idea of encouraging others to reduce good security practices/exposing others to reduced good security practices.

Good security isn’t always convenient (and I wouldn’t like the idea of Fedora reducing a good security practice OS-wide for user convenience when I favor the idea of increased security OS-wide and know how to make my own convenience when necessary). I feel this to be optional and user-preference, don’t believe it to be of notable benefit (years of this; only in cli; quality-of-life basically already not implied nor desired by majority/Windows/macOS) and want Fedora targeting good security practices over convenience.


Right now it seems as easy as installing pwfeedback, presumably found after trying to find you wanted this behavior, and I like that process. At the very least, making this more visible as an option would be cool (like a toggle option in GNOME/DE Settings).

> nobody else does it

Linux Mint does this by default, at the very least.

In my opinion, password length hints aren’t an issue. GNOME has them, Plymouth has them, etc. They help with entering passwords, and they’re a nice UX improvement. You’re obviously free to make your own decisions and have your own opinions. :slight_smile:

1 Like

Would this be self-contained or no?

They’re just an odd distro that has to try to remain unique after Ubuntu got a codecs install checkbox and Cinnamon years ago :stuck_out_tongue:


I added a bit more context to my comment, but I basically feel there’s security downsides and it’s only user-preference.

For GNOME, this seems like it would require maintaining some decently chunky patches to the control center. Plus every DE has its own settings app. O_O

Do you think GNOME has security downsides by showing the password length? Plymouth even shows the password length for LUKS passwords.

(genuine question)

They could tie it behind a gsettings prop; I already have to mess with my mouse stuff through it with libinput. I’m not too sure how other DEs handle that, but iirc gsettings didn’t throw an error on Plasma 6, and was usable on Xfce also for mouse accel.

I apply different expectations for pre-boot :stuck_out_tongue:


I’m not exactly sure how to answer this though. I kind of see how the scenario could be similar, but also didn’t have issue with pre-boot encryption showing asterisks. I guess I was just fine with them (Plymouth/crypt/LUKS) doing it as a default, but I’m also fine with everyone doing sudo passwords without asterisks.

On the other hand if pre-boot changed to not showing asterisks, I wouldn’t have issue with the change. But I wouldn’t necessarily be hindered by that being a change since I didn’t use the asterisks for a benefit to typing my password (mistyped chars still get backspaced blindly).

With sudo currently not showing asterisks, I have that as a potential indirect security benefit currently by not exposing my password length with eavesdropping. I don’t gain anything by changing that setting. It’d be easy for me to undo the change by uninstalling pwfeedback, but I’d still have the questions about it being done as a non-beneficial security downgrade.

Fair points. I especially think this’ll help new users from thinking the prompt is “frozen”.

FWIW, pwfeedback is the first thing I change on a fresh install (yes, before RPM Fusion)

2 Likes

I honestly didn’t even know this could be changed and thought it was some years-standing hard-coded console limitation :stuck_out_tongue:

Nope, it’s just a config file.

```
# /etc/sudoers.d/show-asterisks
Defaults pwfeedback
```

1 Like
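Since the thread turns on whether this flag should be on by default, here is an added example (not part of any post above, and not Fedora's or sudo's own tooling) that reports whether a global `Defaults pwfeedback` is in effect across a sudoers file and its drop-in directory. The function names are hypothetical, and the script assumes only unscoped `Defaults` lines matter and that the main file includes the drop-in directory at its end.

```shell
#!/bin/sh
# Added example: audit the effective global pwfeedback setting.
# Simplifications (assumptions): scoped forms such as Defaults:user or
# Defaults@host are ignored, and backslash line continuations are not joined.

# List drop-ins the way sudo reads an include directory: sorted order,
# skipping names that end in "~" or contain a ".".
sudoers_dropins() (
    LC_ALL=C; export LC_ALL
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in *.*|*~) continue ;; esac
        printf '%s\n' "$f"
    done
)

# Print on, off or unset; the last entry that names the flag wins.
pwfeedback_state() (
    state=unset
    IFS='
'
    for file in "$1" $(sudoers_dropins "$2"); do
        [ -r "$file" ] || continue
        set -f; IFS=,                              # split flag lists on commas
        while IFS= read -r line || [ -n "$line" ]; do
            line=${line%%#*}                       # drop comments
            line=${line#"${line%%[![:space:]]*}"}  # drop leading blanks
            case $line in Defaults[[:space:]]*) ;; *) continue ;; esac
            for flag in ${line#Defaults}; do
                case $(printf '%s' "$flag" | tr -d '[:space:]') in
                    pwfeedback) state=on ;;
                    '!pwfeedback') state=off ;;
                esac
            done
        done < "$file"
    done
    printf '%s\n' "$state"
)

# Unreadable files (for example when not run as root) are skipped.
echo "pwfeedback: $(pwfeedback_state /etc/sudoers /etc/sudoers.d)"
```

Before installing a drop-in like the one posted above, `visudo -cf <file>` checks its syntax without touching the live configuration.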