Enabling pwfeedback in sudo by default on Workstation?

What would be everyone’s thoughts on having pwfeedback enabled by default? (makes sudo show asterisks when asking for a password). The desktop (and even Plymouth when it asks for encryption keys!) show visual feedback on password entry, but sudo doesn’t (by default.) In my opinion, this causes inconsistency and makes things harder for complete newbies.

EDIT 2024-10-01: Changed the title to specifically mention Workstation, since in theory each Spin could do whatever with this (if I’m reading correctly) and Workstation is the main target of this.

4 Likes

Hmmm, I haven’t thought about this in years — thanks for bringing it up. I think it’s a reasonable suggestion, especially since other password prompts on the desktop act that way.

2 Likes

“oh, cool someone replied!”
checks bio

it’s the project leader

O_O

1 Like

Yeah, I think this makes sense. Even as an experienced Linux user there are times when I’m not sure I’m actually typing the password or not. :slight_smile:

The main argument against it would be that it would allow someone shoulder-surfing or otherwise able to view the console to know the length of the password. I don’t find that compelling for the default user, especially since we have that kind of feedback in other places.

3 Likes

Yeah, plus there doesn’t seem to be much concern over shoulder-surfing with GNOME password dialogs or Plymouth. >w<

EDIT: realized you meant that above. Online conversation is fun.

There are also other distros, notably Mint, that enable this by default in their installations. :stuck_out_tongue:

I think this is a reasonable distro-wide (that is, for all variants) change to consider, since it’s a strange default to not show feedback when typing. There are also implications for remote connectivity: if you don’t see feedback, you cannot tell if your typing actually made it over to the other side and that can result in you inadvertently mistyping.

1 Like

Also, in 2024, if you are worried enough about someone snooping over your shoulder to gain information about your password length… why are you still using passwords?

2 Likes

@mattdm Should I submit a change proposal for this? I assume it’s probably a bit late to submit a change for F41 (the freeze is in less than two weeks O_O) but I’d love to actually get this to the right places for F42/43.

I’m pretty new to the project (only made minor contributions to Ask Fedora, the unofficial Discord, and some small documentation, and when I say minor I mean pedantic-level OCD-fuelled nitpicks), but I’m trying to learn how the change proposal process works as I’m typing this (I have the YT video opened on my T480 while I type.)