by zenethian 85 days ago
You got some sources or did you just make that up?

Because to hell with UX when it comes to security. Knowing the exact length of a password absolutely makes it significantly less secure, and knowing the timing of the keystrokes doubly so.

3 comments

Yet somehow, none of the other high security tools I have ever interacted with seem to do this for some reason. No auditor flags it. No security standard recommends hiding it.

But SUDO is the one bastion where it is absolutely essential to not offer hiding keystrokes as an obscure config option, but enable for everyone and their mother?

And once you start adding these accessibility problems, people will respond by using weaker passwords.

> Because to hell with UX when it comes to security.

I don’t think you have any idea how wrong you are.

Bad security UX that results in users bypassing security mechanisms entirely is probably the single biggest source of real-world security problems.