Comment 5 for bug 52914

Colin Watson (cjwatson) wrote :

I don't particularly want to change this in shadow; I would get complaints citing security (i.e. you can look over somebody's shoulder and see the number of characters in their password).

I also doubt the desktop folks will want to change their situation, citing usability as you do.

I realise it's inconsistent, but, given the tension here, I think if there is an inconsistency then it's probably in the right place. It's configurable in at least /etc/gdm/gdm.conf:

# Do not show any visible feedback in the password field. This is standard for
# instance in console, xdm and ssh.

... and it's configurable in /etc/login.defs:

# When prompting for password without echo, getpass() can optionally
# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
# characters for each character typed. This feature is designed to
# confuse people looking over your shoulder when you enter a password :-).
# Also, the new getpass() accepts both Backspace (8) and Delete (127)
# keys to delete previous character (to cope with different terminal
# types), Control-U to delete all characters, and beeps when there are
# no more characters to delete, or too many characters entered.
# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
# exactly one '*' displayed for each character typed.
# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
# Delete, Control-U and beep continue to work as described above).
# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
# without any new features. This is the default.