Correct, it is not a meaningful reduction of security. In terms of information theory, the search-space reduction will not take make a strong password tractable. And that's leaving aside that you could already get that information via sound, or visually by looking at the keyboard. And GUIs already gave the length of the password, it was only some text-based applications that gave zero password feedback.

Conversely, making people more comfortable with security measures may well improve security; for instance, some people will have an easier time typing in longer and more complex passwords thanks to password feedback.

Usability is often a security feature.

If your password is long enough it doesn’t matter if they know it is say 16 characters and if it isn’t long enough it also doesn’t matter because they can just brute force all the potential lengths up to it. So yes it is just security theater.

Think of it this way: there’s a button to show your actual password in the majority of applications nowadays.

`sudo` and `login` are I think the only two tools I use that don’t provide any feedback.

Otherwise my entire life is behind a password database that lets me see my password in plaintext and otherwise shows the length of it as it’s typed. KeepassXC.

If knowing how the length of your password makes it easy to crack you probably have other problems

No, not really. If you have people watching you so closely, there’s a good chance they can watch your fingers on the keyboard, too. Maybe you’re sharing your screen for a presentation, this might be slightly ill advised, but then, you should run such things in a VM or container and use silly demo passwords.

It is not, from a statistical perspective.