alt Hacker NewsI also think it is a good decision. Nevertheless it breaks the workflow of at least one person. My father's Linux password is one character. I didn't knew this when I supported him over screen sharing methods, because I couldn't see it. He told me, so now I know. But the silent prompt protected that fact. It is still a good decision, an one character password is useless from a security standpoint.
Replies
This has always been an option and your dad can just flip the default back to not show it
How much would unknown password length protect against bruteforcing a 1 character password?
> It is still a good decision, an one character password is useless from a security standpoint.
Only if length is known. Which is true now. So it opens the gates to try passwords of specific known length.
I may or may not use a single char password on a certain machine. This char may or may not be a single space. It may or may not be used in FDE. It's surprising what (OS installers) this breaks.
If it breaks the workflow of one person but makes it better for many more, it's likely a worthwhile tradeoff.