> sudo password is the same as their login password — one that already appears as visible placeholder dots on the graphical login screen. Hiding asterisks in the terminal while showing them at login is, in the developers’ estimation, security theatre.

So hide the first one as well? But also, that's not true, not all terminal passwords are for local machine

> Confusing — appears frozen

So make it appear flashing? Still doesn't need to reveal length

▲

9dev 15 hours ago | parent | next [-]

This is literally never identified as an issue in any other system processing passwords. This feels like a debate by someone who once thought they had a clever idea and can’t let go despite everyone telling them it’s awful.

	▲	eviks 14 hours ago \| parent [-]
		Feels like you're talking to your own strawman re. whether hiding password length makes sense, which I specifically didn't address, only pointed out that the arguments I've quoted do not support the change.

▲

michaelmrose 15 hours ago | parent | prev [-]

Is there any reason to have this feature enabled for millions of desktop users vs enable by appropriately paranoid corporate IT departments?

▲

eviks 13 hours ago | parent | next [-]

The reason is to protect the innocent, of course, they're mostly clueless about security! But I don't know the level of practical benefits for this measure, superficially seems to be rather low, but then (assuming silly usability issues like "appears frozen" are fixed) what's the downside?

▲

Elhana 14 hours ago | parent | prev [-]

Millions of desktop users would use empty password if they could.

	▲	mikkupikku 14 hours ago \| parent [-]
		Most of them would be well enough served by that too. It used to be normal and perfectly suitable for most home users.