Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).
This community is automagically fed by an instance of Dittybopper.
“Security is theoretically worse since password lengths are exposed to people watching your screen, but this is an infinitesimal benefit far outweighed by the UX issue.”
— SUDO-RS UPSTREAM COMMIT MESSAGE, ENABLING
PWFEEDBACKBY DEFAULT
Do people actually struggle with this, UX-wise? I find that I mistype my password just as often whether or not it is silent or asterisks.
I have many times accidentally pressed a single key and then had to start over because I had no feedback to confirm it's only one accidental key press.
I also hold the backspace for a (relatively) stupid long amount of time when I do know I made a typo because of no feedback on that either. Lol
Ctrl-U clears the line.
Yep. I either do that or Ctrl-C and run the command again. I think many of those will be avoidable with feedback
The first time i came across a sudo prompt i thought i didnt work. Yes. I think its bad for new comers.
Ha. Didn’t even think of that. It definitely used to be a more common pattern.
If a malicious actor being able to see your terminal is part of your threat model, then remove pwfeedback from the sudoers file.
I always thought this was a security feature. Guessing a password that you don't know the length of is a lot harder.
That is the reason for it. But I think people are finally admitting the scenarios where it actually helps security are exceedingly rare.
Cool. I like it.
Ah. They removed a security feature. What a joy.