Enable pwfeedback and show asterisks for password input when using sudo

A particular preference I have in Linux is a small thing, but it is something I have kept consistent for many years: showing asterisks as placeholder characters when typing in a user password in the terminal. For as long as I can remember, Ubuntu has disabled this behavior by default. When the password is being typed by the user, no placeholder characters are shown to the right of the password prompt, and no other visual feedback is given that a password character has been entered. Linux Mint had been my daily driver OS for a long time, and asterisks for password input is enabled by default in Mint. This is the behavior I to which I had grown accustomed over the last 10 years.

I purchased a System 76 Thelio Mira desktop recently, and it came from the factory configured with Pop!_OS 21.10, an Ubuntu-based distro that uses GNOME and System76’s COSMIC desktop environment. I had experimented with Pop!_OS in a VM several months back and I liked it, so I decided to stick with it on my new machine. Like Ubuntu, password prompts in the terminal do not show the asterisks, so I changed that by using the visudo command to edit the sudo config file, /etc/sudoers.

Open a terminal, and enter the following command. Enter your password when prompted:

sudo visudo

visudo allows safe editing of the sudo configuration file, which contains settings for things like allowed users and their privileges, as well as toggling the password feedback option that will show asterisks as placeholder characters. All that is needed here is to append ",pwfeedback" to the first "Defaults" line. The file should look like this:

“sudoers” config file updated to show password feedback when typing.

Hit “Ctrl + S” to save the file and “Ctrl + X” to exit visudo. That’s it! You will now see asterisks when prompted to enter a password in the Terminal. To reset the timeout and force a password prompt the next time sudo is used, enter command "sudo -k".

“sudoers” password feedback on, asterisks shown as placeholder character

It is worth noting here that there is an associated security risk with enabling password input feedback. The concern lies in the fact that the length of your password could be visible to prying eyes. This is obviously not enough information on its own to allow unauthorized access to your account, but it could be useful when combined with partial password information, or a much smaller password table in a brute force attack. However, if pwfeedback is enabled on your personal machine which is used in your home office for example, it’s likely there is an near 0% chance of someone with nefarious intentions peeking over your shoulder at the moment you are typing your password in the terminal. The discussion on this Ubuntu bug gives some more insight on why they will never implement pwfeedback by default. But, this being Linux, you have the freedom to asses the risk for yourself and do whatever you prefer!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s