What would be the concept behind the password not being echoed on cli
I am curious to know why the password characters(special characters) are not echoed when we login to the system via a terminal.
But we can see the password characters(special characters) while we login to the system via GUI.
The only reason i can think of is that the total number of characters in my password wouldn't be revealed to someone who's spying over my system/password.
Any suggestions/ides?
One possible explanation is that command line logins have been around for much longer than GUIs. I think the dots that replace characters are a relatively new idea that have been implemented in GUIs. On the command line, however, nothing was originally shown and it has stayed this way over the years.
It is far more common that a user or administrator enables logging of text on a command-line, than logging of video in a GUI. Furthermore, it is very common that someone will copy text from the command line and make it available to untrusted persons. For these reasons, it would be especially bad for information about a user's password--specifically, its length--to be shown on the command line.
For example, on Ask Ubuntu we often ask people to enter commands--including commands beginning with sudo
that ask for a password--and then to copy the entire contents of a terminal and add it to their questions. If the terminal showed a *
for each character entered as part of a password, we would have to ask them to manually remove those lines. They might accidentally remove more, or not enough, or we might forget to ask, or they might not realize that some text they made available contained a password line.
In contrast, it's very rare for us to ask someone to make a video screen capture so we can help them with their problem, and especially rare that we would ask them to do so for any task that includes a graphical password prompt. If that were common (or if we wanted it to become common), we would have to stop showing placeholder characters for graphically entered passwords, too.
As a secondary factor, it's more important that placeholder characters be shown when entering a password graphically:
Users of consoles generally expect that they are capable of receiving text input; it is the primary and usually only kind of input they take directly from a user. In contrast, many GUI's don't accept keyboard input, or don't accept it in as predictable a way.
It's common for a GUI program to refuse to echo keyboard input when the input cannot be acccepted--for example, when a user enters a letter in a text box that is intended to receive only numbers. It's easy for users to learn it's okay that nothing shows up when they enter their password in a console. It would likely be harder for people to feel comfortable seeing nothing while manipulating a graphical interface.
-
A graphical interface is more likely than a console to have multiple separate text elements. Echoing keyboard input is important because it clarifies which interface element within a program is receiving keyboard input. In this regard, showing stars in a password textbox may even be a security feature, in that it helps the user know they're not accidentally entering the password elsewhere.
(That's also a potentially issue in a console if the console is embedded in a GUI, but less so, since the user is less likely to be mistaken about whether or not they are typing in a console window than in a new window that has just been shown to take authentication information.)
If you want asterisks to be shown as you enter your password for sudo
, you can add pwfeedback
to the ,
-separated list of options on the Defaults
line in the sudoers
file.