Hacker News

NiloCK, yesterday at 7:53 AM (1 reply)

There's no persistent reveal of password length after you're finished typing. It reduces the length-reveal leak from anyone who eventually sees the terminal log to people who are actively over-the-shoulder as you type it.


Replies

ordu, yesterday at 9:46 AM

If you can see 1 char from a set of 4, you know the number of characters modulo 4. If the minimum length of a password is 6, and probably it is no longer than 12 characters, then you can narrow the length to 1 or 2 numbers. It is marginally better than asterisks, of course, but it is still confusing.

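The inference in the reply above, worked through as an added example (not code from the thread or from whatever prompt is being discussed). It assumes a hypothetical prompt that displays glyph number `length mod k` from a fixed set of `k` glyphs, and a uniform prior over password lengths in a known range; it generalizes the 4-glyph case to any cycle size and also quantifies how much of the length-leak an observer recovers, compared with plain asterisks (which reveal the exact length).

```python
import math

# Constructed example glyph set: the hypothetical prompt shows GLYPHS[len(typed) % 4].
GLYPHS = ["*", "+", "x", "o"]


def displayed_glyph(typed: str, glyphs=GLYPHS) -> str:
    """What the (hypothetical) prompt shows after `typed` has been entered:
    one glyph chosen by the current length modulo the size of the glyph set."""
    return glyphs[len(typed) % len(glyphs)]


def candidate_lengths(observed_index: int, cycle: int, min_len: int, max_len: int):
    """Lengths in [min_len, max_len] consistent with seeing glyph `observed_index`
    when the prompt shows glyph (length mod cycle). This is the observer's inference."""
    return [n for n in range(min_len, max_len + 1) if n % cycle == observed_index]


def bits_leaked(cycle: int, min_len: int, max_len: int) -> float:
    """Expected information (bits) about the length that one glance at the final
    glyph gives an observer, assuming the length is uniform over [min_len, max_len].
    cycle=1 models 'no indicator' (0 bits); a cycle larger than the range models
    per-character asterisks, which reveal the exact length (log2(range) bits)."""
    total = max_len - min_len + 1
    prior_entropy = math.log2(total)
    posterior_entropy = 0.0
    for residue in range(cycle):
        c = len(candidate_lengths(residue, cycle, min_len, max_len))
        if c:
            # Probability of seeing this residue is c/total; remaining uncertainty is log2(c).
            posterior_entropy += (c / total) * math.log2(c)
    return prior_entropy - posterior_entropy


if __name__ == "__main__":
    secret = "correcthorse"  # constructed 12-character sample, not a real credential
    glyph = displayed_glyph(secret)
    index = GLYPHS.index(glyph)
    print(f"prompt shows {glyph!r}, so length is {index} mod 4")
    print("possible lengths in [6, 12]:", candidate_lengths(index, 4, 6, 12))
    print(f"4-glyph indicator leaks {bits_leaked(4, 6, 12):.2f} bits of "
          f"{math.log2(7):.2f} bits of length uncertainty")
    print(f"asterisks leak {bits_leaked(100, 6, 12):.2f} bits (exact length)")
```

With the 6..12 range from the comment, each residue class leaves either one or two candidate lengths, and the 4-glyph indicator hands the observer roughly 1.95 of the 2.81 bits that separate the seven possible lengths; asterisks hand over all 2.81.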