On recent builds of Ubuntu 26.04, sudo now shows password feedback by default: asterisk (*) characters are echoed as you type your password at the sudo prompt. Traditionally sudo has not provided password feedback, in the name of security, so as not to divulge the length of your password to anyone watching or capturing your screen. But upstream sudo-rs has now changed the default behavior in the name of an improved UX.
Some new Linux users have initially been confused by the lack of any indicator or feedback when entering a password at the sudo prompt, but users have gotten by, even in the recent years of more gamers and enthusiasts coming to Linux. Two weeks ago upstream sudo-rs enabled “pwfeedback” by default:
“Change the default so that asterisks are shown when entering passwords. It is still possible to disable the asterisks by explicitly turning `pwfeedback` off.
This fixes a major UX pain point for new users. Security is theoretically worse since password lengths are exposed to people watching your screen, but this is an infinitesimal benefit far outweighed by the UX issue. Outside of sudo/login no other password entry interfaces omit asterisks (including others on Linux).”
This stems from this bug report back in October requesting pwfeedback be enabled by default to “make sane modern UX decisions.”
Not everyone is happy, though, with sudo-rs quietly breaking traditions. Judging from the comments in that ticket, sudo-rs developers don’t appear to be backing down from the default change.
The issue was also raised in this Ubuntu bug report, given that Ubuntu 26.04 development builds are now shipping with this default behavior.
“Before this upgrade, as expected, typing a password in a terminal echoes NOTHING.
After this upgrade, I get STARS ECHOED.
WHY?!
This goes against DECADES of NOT ECHOING THE LENGTH OF THE PASSWORD TO SHOULDER SURFERS.”
The bug was marked as “Won’t Fix”, so now at least you’ve been forewarned about this default change and the extra “Defaults !pwfeedback” configuration change needed if you want to maintain the longstanding default behavior.
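For anyone auditing machines after this change, here is an added example (not code from the article, sudo-rs or Ubuntu) that reports which pwfeedback setting a sudoers-format file explicitly carries. The function names and the sample content are constructed for illustration, and as a simplifying assumption only unscoped `Defaults` lines are read.

```shell
#!/bin/sh
# Added example: report the explicit global pwfeedback setting in sudoers text.
# Assumptions: only unscoped "Defaults" lines count; scoped entries
# (Defaults:user, Defaults@host, Defaults>runas, Defaults!cmnd), include
# directives, quoted values and backslash continuations are not interpreted.

# Usage: pwfeedback_state FILE   -> prints "on", "off" or "unset"
# "unset" means the file says nothing, so the build default applies.
pwfeedback_state() {
    awk '
        BEGIN { state = "unset" }
        /^[ \t]*#/ { next }                        # comment (and include) lines
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line) # drop the keyword
            sub(/[ \t]*#.*$/, "", line)            # drop a trailing comment
            n = split(line, opts, ",")             # options are comma-separated
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o == "pwfeedback")  state = "on"
                if (o == "!pwfeedback") state = "off"
            }
        }
        END { print state }                        # the last setting wins
    ' "$1"
}

# Constructed sample input, not taken from any real system.
sample_sudoers() {
    cat <<'EOF'
# constructed sample sudoers content
Defaults env_reset, pwfeedback
Defaults:alice !pwfeedback
Defaults !pwfeedback   # keep the silent prompt
EOF
}

tmp=$(mktemp) && sample_sudoers > "$tmp"
echo "global pwfeedback: $(pwfeedback_state "$tmp")"   # prints "global pwfeedback: off"
rm -f "$tmp"
```

A result of "unset" on a host with a recent sudo-rs means asterisks are shown, since that is now the default described above.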
