- cross-posted to:
- hackernews@lemmy.bestiver.se
You must log in or # to comment.
“Security is theoretically worse since password lengths are exposed to people watching your screen, but this is an infinitesimal benefit far outweighed by the UX issue.”
— SUDO-RS UPSTREAM COMMIT MESSAGE, ENABLING
PWFEEDBACKBY DEFAULTDo people actually struggle with this, UX-wise? I find that I mistype my password just as often whether or not it is silent or asterisks.
I have many times accidentally pressed a single key and then had to start over because I had no feedback to confirm it’s only one accidental key press.
I also hold the backspace for a (relatively) stupid long amount of time when I do know I made a typo because of no feedback on that either. Lol
Ctrl-U clears the line.
Yep. I either do that or Ctrl-C and run the command again. I think many of those will be avoidable with feedback
The first time i came across a sudo prompt i thought i didnt work. Yes. I think its bad for new comers.
Ha. Didn’t even think of that. It definitely used to be a more common pattern.
If a malicious actor being able to see your terminal is part of your threat model, then remove
pwfeedbackfrom thesudoersfile.I always thought this was a security feature. Guessing a password that you don’t know the length of is a lot harder.
That is the reason for it. But I think people are finally admitting the scenarios where it actually helps security are exceedingly rare.
Cool. I like it.
Ah. They removed a security feature. What a joy.
