How to make password asterisks visible in Linux

Coming from a Windows world, Linux is an entirely different beast.

  • Everything is a file
  • Files don’t have extensions.
  • And I promise you: the vi text editor is more recondite than Albert Einstein’s mind.

All this stuff just makes learning Linux a positively daunting enterprise.  And it’s part of the reason why Linux is beloved by rarefied geeks who dream in binary and speak in code.

But it doesn’t have to be that way!  Linux is really easy if you slow down and forget about the wonky world of Windows.  Once you get the hang of it, the operating system is very coherent and is actually a joy to use.  In this guide, I want you to partake of that joy.

One of the interesting security features in Linux, is that it doesn’t give you any visual clue that you’re typing text into a password box.  In Windows you see a little dot, or bullet (sometimes an asterisk) but in Linux you don’t see anything.  The line is blank and stays blank as you type.

Linux Password is empty, no feedback

In the above graphic, you can see I’m trying to create a folder called ohYeah and then change into that directory.

I entered over a dozen characters at the password prompt yet the password line is still blank and it appears that the cursor hasn’t moved.

What gives?

This is actually a great security feature because it makes it harder for shoulder surfers to count password characters.  It’s harder to guess the length of your password.  Obviously, this isn’t a foolproof technique because someone can count keystrokes or just look at your keyboard, but at least it obfuscates the password enough to ward off people looking at your screen.

But security always comes at a cost and usually that cost is convenience.

Have you ever wondered if there was a way to make Linux echo password asterisks as you type a password?  Is there a file or something you can edit?

Yep.  

Linux is an extremely malleable operating system and so it’s no surprise it can flex to make asterisks appear.

Type this command into the console:

sudo visudo

Before we go on let me explain what this ostensibly redundant command does:

That first bit, sudo, means to switch user and then do something.

We are basically telling Linux to run a program called visudo with the privileges of another user.  The visudo program edits a special file called sudoers which just defines which users can run which commands on the system.  We’re going to add a parameter to sudoers that tells Linux to always print stars at password prompts.

Incidentally, visudo is different than the vi text editor because it protects the sudoers file against concurrent writes.  In other words, it precludes the possibility of multiple users editing sudoers at the same time; thus, it’s the recommended (and safest) way to edit the sudoers file.

After typing sudo visudo, enter your root password and then type the forward slash key (usually on the question mark key) and type:

env_reset

This is a quick way to search a file.

Forward slash + search string.

You can keep pressing the n key on your keyboard to search for the next instance of the search string.  We want to find the line that looks like this:

Defaults                   env_reset

Edit env_reset

Alright now we need to edit the file.

Right now we’re in a read-only view mode so to change into the editing mode we press the A key to add text to the end of the line.

Note the “A” must be capitalized or else it will append text after the cursor rather than the line.

Now just type this:

,pwfeedback

Adding pwfeedback via visudoer file

You may notice that the command starts with a comma.  That’s pretty important. We’re basically telling Linux to display password feedback by default.

Okay, so we did it.  To save the file we need to press the escape key so we can get out of editing mode.

Then we press Shift + ZZ to exit and save.

Linux password feedback

Ain’t that nice.

About

Connect with Vonnie on Twitter

Posted in Linux Tagged with: