> sudo password is the same as their login password — one that already appears as visible placeholder dots on the graphical login screen. Hiding asterisks in the terminal while showing them at login is, in the developers’ estimation, security theatre.
So hide the first one as well? But also, that's not true, not all terminal passwords are for local machine
> Confusing — appears frozen
So make it appear flashing? Still doesn't need to reveal length
This is literally never identified as an issue in any other system processing passwords. This feels like a debate by someone who once thought they had a clever idea and can’t let go despite everyone telling them it’s awful.
Feels like you're talking to your own strawman re. whether hiding password length makes sense, which I specifically didn't address, only pointed out that the arguments I've quoted do not support the change.
The reason is to protect the innocent, of course, they're mostly clueless about security! But I don't know the level of practical benefits for this measure, superficially seems to be rather low, but then (assuming silly usability issues like "appears frozen" are fixed) what's the downside?
So hide the first one as well? But also, that's not true, not all terminal passwords are for local machine
> Confusing — appears frozen
So make it appear flashing? Still doesn't need to reveal length