sudo is probably the most famous command in the Linux world. It allows ordinary users to run other commands or programs with superuser privileges, so that they can make system-wide changes that their ordinary user privileges would not allow.

The Current Situation

By default on all Linux distributions, when you run the sudo command, you’ll need to enter the superuser password just like below:

[Screenshot: the sudo password prompt, with nothing shown on screen while the password is typed]

One thing to notice in the picture above is that the password is hidden. Whatever the user types at that point, nothing is displayed on the screen, not even asterisks. They have to trust that their keystrokes are being received, type their password blind, and hit Enter.

Historically, this was done both for ease of implementation and for security reasons. It makes it harder for someone looking over your shoulder to learn the length of your password, and without the length, guessing it is harder. They can, of course, listen to your keystrokes and try to count how many characters you typed, but that is more difficult than simply looking at the screen and counting the asterisks.

Also, when they see that your password is very long, they might not even try to guess it and use your computer. But if your password is only a few characters long, that gives them hope.

Additionally, in terms of implementation, displaying an asterisk in place of each password character takes more code and work. When you type normal commands in the terminal and see them appear, it is because the terminal’s “echo mode” is on, meaning every character you type is written back to the screen. For sensitive prompts, however, such as sudo or passwd, echo mode is switched off, which simply skips the step of printing those characters. That is less work and less code, and it has been done that way since the Unix days to hide password characters.

The issue

[Screenshot: the sudo password prompt as a new user sees it]

From a user experience perspective, thinking of new users of Linux distributions and of non-technical people who may need to use the sudo command, the current behaviour gives them no explanation or hint as to why the keys they press are not displayed on the screen while they type their password. They may think there is a problem with the system or with their keyboard, because no visual feedback is given.

Of course, for those of us who have used Linux or other Unix-like systems for years, this is trivial. But for newcomers, ordinary teachers, doctors, your grandpa or my aunt, it is a very bad user experience. Users expect feedback on the screen when they press keys, and here they get none.

A workaround is to run the sudo visudo command, change the Defaults env_reset line to Defaults env_reset, pwfeedback, then save the file and exit:

[Screenshot: editing the sudoers file with sudo visudo]

From now on, sudo will display asterisks when you enter your passwords:

[Screenshot: sudo showing asterisks as the password is entered]

A Proposal

Major Linux distributions should take this issue into consideration and try to fix it. There are two approaches that we see as feasible:

  1. Just like the above, make sudo display asterisks when you enter your password. This gives up the small advantage that onlookers cannot learn the length of your password. Whether that advantage actually matters in the real world is open to discussion.
  2. Display a text message whenever the sudo command is called that explains what’s happening and why the characters aren’t being displayed. A normal sudo use case then would be:
    mhsabbagh@potatopc:~$ sudo synaptic
    Note: Keys you write now are not going to be displayed on the screen for security reasons, but the system does receive them.
    [sudo] password for mhsabbagh:

In that way, the terminal would still not display the password characters as they are entered, but first-time users would understand that what they type is actually being received, rather than assuming there is a problem with their keyboard.
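To make the “echo mode” point concrete, and to show what the pwfeedback option and the proposed explanatory note actually change for the user, here is a small added example in Python. It is not sudo’s code and not part of the original article; it is a demo written for this page. It assumes a Linux system with pseudo-terminal support (the pty and termios modules). The master side of the pty stands in for the user’s keyboard and screen, the slave side is the program prompting for a password; read_secret clears the terminal’s ECHO flag the way sudo and passwd do, and the “feedback” mode mimics what pwfeedback adds. The sample keystrokes are constructed for the demo.

```python
import os
import pty
import select
import termios
import threading
import time

# Constructed sample keystrokes for the demo; not a real credential.
SAMPLE_KEYSTROKES = b"hunter2\n"
# The explanatory line proposed in the article, printed before the prompt.
NOTE = (b"Note: Keys you write now are not going to be displayed on the screen "
        b"for security reasons, but the system does receive them.\n")


def read_secret(fd, feedback=None):
    """Read one line from the tty behind `fd` with the ECHO flag cleared.

    feedback=None -> nothing appears while typing (sudo's default).
    feedback="*"  -> one asterisk per character (what pwfeedback does).
    Terminal settings are restored on exit, even on error.
    """
    saved = termios.tcgetattr(fd)
    attrs = termios.tcgetattr(fd)
    attrs[3] &= ~termios.ECHO          # index 3 is c_lflag: kernel stops echoing input
    if feedback is not None:
        attrs[3] &= ~termios.ICANON    # byte-at-a-time delivery so we can print feedback
    termios.tcsetattr(fd, termios.TCSANOW, attrs)
    try:
        buf = bytearray()
        while True:
            ch = os.read(fd, 1)
            if not ch or ch in (b"\n", b"\r"):
                break
            if ch in (b"\x7f", b"\x08"):        # backspace (only reaches us with ICANON off)
                if buf:
                    buf.pop()
                    if feedback:
                        os.write(fd, b"\b \b")  # wipe the last feedback character
                continue
            buf += ch
            if feedback:
                os.write(fd, feedback.encode())
        os.write(fd, b"\n")                     # the user's Enter was not echoed; move on
        return buf.decode()
    finally:
        termios.tcsetattr(fd, termios.TCSANOW, saved)


def read_plain(fd):
    """Read one line with the terminal untouched (ECHO still on), as an
    ordinary command would. Used here only to show the contrast."""
    buf = bytearray()
    while True:
        ch = os.read(fd, 1)
        if not ch or ch == b"\n":
            break
        buf += ch
    return buf.decode()


def _drain(fd, timeout=0.1):
    """Collect everything the 'screen' (pty master) has received so far."""
    out = b""
    while select.select([fd], [], [], timeout)[0]:
        try:
            chunk = os.read(fd, 4096)
        except OSError:
            break
        if not chunk:
            break
        out += chunk
    return out


def simulate(keystrokes=SAMPLE_KEYSTROKES, mode="hidden"):
    """Run one prompt through a pseudo-terminal. mode is "plain" (echo left on),
    "hidden" (sudo's default) or "feedback" (asterisks). Returns a pair:
    (secret the program received, bytes that appeared on the screen)."""
    master, slave = pty.openpty()
    try:
        os.write(slave, NOTE + b"[sudo] password for demo: ")
        _drain(master)                          # discard the prompt text itself
        result = {}
        if mode == "plain":
            reader = lambda: result.update(secret=read_plain(slave))
        else:
            fb = "*" if mode == "feedback" else None
            reader = lambda: result.update(secret=read_secret(slave, fb))
        worker = threading.Thread(target=reader)
        worker.start()
        if mode != "plain":
            # Echo is decided when each keystroke arrives, so do not "type"
            # until the reader has actually cleared ECHO on the terminal.
            while termios.tcgetattr(slave)[3] & termios.ECHO:
                time.sleep(0.005)
        os.write(master, keystrokes)
        worker.join()
        return result["secret"], _drain(master)
    finally:
        os.close(master)
        os.close(slave)


if __name__ == "__main__":
    for mode in ("plain", "hidden", "feedback"):
        secret, shown = simulate(mode=mode)
        print(f"{mode:8s} program got {secret!r:12s} screen showed {shown!r}")
```

Running it shows the three behaviours side by side: with echo left on the password itself lands on the screen, with ECHO cleared the screen stays blank (only the note and prompt are visible), and in feedback mode the screen shows one asterisk per character, which is exactly the length leak the article weighs against the usability gain. The program receives the same secret in all three cases.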

Conclusion

We have seen why this is an issue, how to work around it, and what the possible permanent solutions are. If you are a member of any major Linux distribution community, it would be a good idea to raise this topic with your distribution’s developers and see what they think about it.

In the meantime, we would like to know about your opinions in the comments below.

12 Comments

  1. Luc Van Rompaey

    April 22, 2019 at 9:25 pm

    Why not provide a way to select which character gets displayed instead of an asterisk?
    It’s how the X display manager (xdm) does it. That way, if you’re worried that someone might be able to count the asterisks and find out the length of your password, then you could display underscores instead. On my Slackware system using xdm, this works great.


  2. Linux User

    April 23, 2019 at 5:02 am

    The problem statement exists only on the command line. If you’re on the command line, it’s expected you know a little bit about what you’re doing. There is no problem here; the solution has worked well for decades and no doubt will continue working for decades more.


  3. panman

    April 23, 2019 at 12:24 pm

    I disagree. The argument that new users will find it hard is weak. When you do it twice or three times, you will learn.
    In addition, the author provides a solution by editing the sudoers file if the user wants to echo asterisks, but why on earth (all?) distributions shall consider changing the default behavior if someone does not like it? I like that there is no output displayed when you enter the password and would not like such change.


  4. Jeremy

    April 23, 2019 at 5:51 pm

    I disagree. By default, things should stay the way they are. Perhaps an option that more experienced people should live with would be to have a utility for new people to allow them to change the behavior easily. I’ve been using Linux for more than 20 years, and the only distro that has this behavior by default (at least a distro that I’ve tried) is Mint. This is the single most annoying thing about Mint.

    I’ve used various versions of BSD, Solaris, and Linux, and the default behavior has been consistent for years, Mint being the stand-out. Perhaps having new Linux users start with a Mint flavor would be a better idea than suggesting all distros change this behavior.


  5. bemused

    April 23, 2019 at 9:47 pm

    It is assumed that a new Linux user stumbles upon Linux with absolutely zero knowledge of the system. No explanation is given and the new user simply has to figure out how things work. Moreover, as a newcomer to this hitherto unknown environment, Linux has to make accommodation.
    What about the new user attempting at least to find out how things work? I cannot imagine the scenario where a total newcomer wants to do things in Linux and does not even learn the very basics.
    Things should stay as they are.


  6. Jason H

    April 25, 2019 at 3:52 pm

    “Major Linux distributions should take this issue into consideration and try to fix it.”

    No, just no. Linux distributions should always err on the side of security. Granted, that looks somewhat different depending on whether you’re installing a desktop or server flavor of the distro. But convenience shouldn’t trump security. If you want that mindset, go use Windows.


  7. MightyMoo

    April 25, 2019 at 4:07 pm

    I like the sudo behavior as it is. Most people new to Linux shouldn’t need to use the command line like that, and if they are digging into the command line they’re going from novice to more intermediate users and should be expected to up their game. It’s the same as in Windows really: most Windows users don’t go for the command line to do things, and when they do they up their game.

    Making something less secure by default isn’t the answer. People learning new things and adapting is.


  8. Peter Philip

    April 25, 2019 at 4:30 pm

    So many people in the comments are missing the point: there’s no added security value in not displaying the password as asterisks. The person sitting near you can know how many chars you hit using sound; you know, people have ears.

    Your behavior is the reason why people are afraid of Linux, nobody should stand against making things newbie-friendly, and this doesn’t harm you in any way.


  9. KP

    April 25, 2019 at 4:40 pm

    If the point is to make Linux eventually look and act like Windows, then why use Linux at all? Stay with Windows. If the reason for switching is because you don’t want to pay for an operating system, then use ReactOS. Most of us came to Linux because it is different than Windows and more secure than Windows.


  10. C. Conrad Cady

    April 25, 2019 at 4:50 pm

    Replying to Peter Philip: You claim “there’s no added security value in not displaying the password as asterisks” and “this doesn’t harm you in any way.” Those are both false statements.


  11. Rick Romig

    April 25, 2019 at 4:52 pm

    I don’t have a problem with no characters being displayed when entering my sudo password, or with displaying asterisks. Neither hinders nor helps me. Keep in mind that GUI apps that require root (sudo) access usually display either dots or asterisks when typing in your password. I don’t see counting asterisks as a big security problem. (People should avoid short, easy-to-guess passwords anyway.)


  12. Jerry A

    April 25, 2019 at 5:31 pm

    This is Linux. Users at the command line wanting root privileges should know how to enter a password.
