Password Feedback ( Stop typing in the Dark )

This little tweak will give you ***** as you type in your sudo password in the terminal.

Start Terminal (Ctrl+Alt+t) (or f12 for tilda terminal)
sudo visudo
(enter you pw) to get this

Now change/add -
Defaults env_reset
Defaults env_reset,pwfeedback (Press Enter for new line)
add the next line
Defaults pwfeedback
(Note: The Space is actually a TAB)

it should look like this after your done.

now press Ctrl-x (this will bring up a dialog to save your work)

Type Y (to get this)

Just press (Enter) here to save your file. Now you should have Feedback as you type your PW. (You may need a reboot, I am unsure)


You do realize that suggesting this removes a layer of security for the end-user right? Typing “in the dark” for you may be annoying, but the security aspect of somebody glancing over and not seeing how long your password is adds confusion to anyone who hasn’t connected and has access to a keylogger remotely.

1 Like

Of all the security concerns to have, this seems like just about the most trivial. Nevermind the terrible passwords most people use to begin with, if someone is using a sufficiently long password, brute forcing is going to take a stupidly long time.

Nevermind that it’s pretty hard to accurately count the number of asterisks over someone’s shoulder if it’s a decent password; and if it’s four asterisks - well, brute forcing isn’t going to take long anyway, is it? I don’t think knowing the length of a password is really that important.

Perhaps if you’re a spy or in the military; but really, you should have other security concerns in addition to password length, and someone like that isn’t going to employ this tip.

I mean, seriously. The more I think of who might want to see asterisks when they type, the more I think anyone who would actually benefit from worrying about would never employ this trick in the first place.

My password for my desktop computer is eight characters. The password I use for a few services such as several email accounts and a couple of tools I use is nine characters in length. The password to my password keeper service is 16 characters long. Beyond that, I use a self-written generator that generates passwords of 24 or 32 characters in length, and use my password manager for storage.

If you in any way think that knowing that helps you hack into me, well, I suppose it might assist you in some extremely trivial way. But nobody’s going to hack me with that knowledge. I’m not saying I’m unhackable; just that that information would not be a part of what allows someone to hack any of the things I use. It’d take an exploit - technical or social - to do that.


I guess it would be useful if I ever install linux on the tablet and would need to use touchscreen, thanks for the tip.

On the upside, this could lead into some other discussion; such as patching in a mode that uses haptic feedback for typing in passwords so you can feel on a tablet or other device with motors underneath as you type.

That would actually be helpful for blind people, come to think of it.

1 Like

I followed the instructions (to the letter). Yet, whenver I do a 'sudo' command in terminal, this message comes up: sudo: /etc/sudoers:9 unknown defaults entry "pwdfeedback". I then can type in my password, with the asterisks showing en the command completes normally. Would it be possibel te have the message concerning unknown defaults be suppressed somehow? And how should one do that? TIA!

That's probably your mistake. See instructions again; it's pwfeedback.

Thanks tiox! My mistake...

It is all great, but do not forget about CVE-2019-1863 in Debian and in Ubuntu.

It is now fixed, but at time of OP writing it actually existed.