If your password is long enough it doesn’t matter if they know it is say 16 characters and if it isn’t long enough it also doesn’t matter because they can just brute force all the potential lengths up to it. So yes it is just security theater.

▲

croes 2 hours ago | parent [-]

Giving away the password length helps attackers to select the easier target.

	▲	JoshTriplett an hour ago \| parent [-]
		That's an argument for telling people the strength of their password, and warning them when setting a weak password. It's not an argument for decreasing usability in a fashion that will make people less comfortable typing long, complex passwords.