Now change/add -
Defaults env_reset
to
Defaults env_reset,pwfeedback (Press Enter for new line)
add the next line
Defaults pwfeedback
(Note: The Space is actually a TAB)
You do realize that suggesting this removes a layer of security for the end-user right? Typing “in the dark” for you may be annoying, but the security aspect of somebody glancing over and not seeing how long your password is adds confusion to anyone who hasn’t connected and has access to a keylogger remotely.
Of all the security concerns to have, this seems like just about the most trivial. Nevermind the terrible passwords most people use to begin with, if someone is using a sufficiently long password, brute forcing is going to take a stupidly long time.
Nevermind that it’s pretty hard to accurately count the number of asterisks over someone’s shoulder if it’s a decent password; and if it’s four asterisks - well, brute forcing isn’t going to take long anyway, is it? I don’t think knowing the length of a password is really that important.
Perhaps if you’re a spy or in the military; but really, you should have other security concerns in addition to password length, and someone like that isn’t going to employ this tip.
I mean, seriously. The more I think of who might want to see asterisks when they type, the more I think anyone who would actually benefit from worrying about would never employ this trick in the first place.
My password for my desktop computer is eight characters. The password I use for a few services such as several email accounts and a couple of tools I use is nine characters in length. The password to my password keeper service is 16 characters long. Beyond that, I use a self-written generator that generates passwords of 24 or 32 characters in length, and use my password manager for storage.
If you in any way think that knowing that helps you hack into me, well, I suppose it might assist you in some extremely trivial way. But nobody’s going to hack me with that knowledge. I’m not saying I’m unhackable; just that that information would not be a part of what allows someone to hack any of the things I use. It’d take an exploit - technical or social - to do that.
On the upside, this could lead into some other discussion; such as patching in a mode that uses haptic feedback for typing in passwords so you can feel on a tablet or other device with motors underneath as you type.
That would actually be helpful for blind people, come to think of it.
I followed the instructions (to the letter). Yet, whenver I do a 'sudo' command in terminal, this message comes up: sudo: /etc/sudoers:9 unknown defaults entry "pwdfeedback". I then can type in my password, with the asterisks showing en the command completes normally. Would it be possibel te have the message concerning unknown defaults be suppressed somehow? And how should one do that? TIA!
