Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords

Original link: https://pbxscience.com/ubuntu-26-04-ends-46-years-of-silent-sudo-passwords/

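Ubuntu 26.04 LTS, with a release date of April 23, 2026, makes a significant change to the `sudo` password prompt: keystrokes will now be shown as asterisks. This breaks a 46-year tradition of silent input, originally designed to prevent "shoulder surfing" in shared-terminal environments. The change stems from Ubuntu's adoption of `sudo-rs`, a Rust-based rewrite of the classic `sudo` utility. While the rewrite offers potential security benefits through modern coding practices, the visible feedback has sparked debate. Critics argue that it leaks password length and so weakens security. The developers, however, consider the risk minimal, particularly because many users use the same password for login and for `sudo`, and that password is already shown as placeholder dots on the graphical login screen. Users who want the traditional silent prompt back can easily restore it by changing a single line in the `sudoers` file. The update is part of a larger modernisation effort in Ubuntu 26.04, including GNOME 50 on Wayland and broader Rust adoption, which prioritises the experience of new users while still giving experienced users customisation options.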

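## Ubuntu 26.04 Will Show sudo Passwords

A recent Hacker News discussion highlighted a change in Ubuntu 26.04: the `sudo` password prompt will no longer mask characters with asterisks but will show dots instead, similar to the behaviour of the graphical login screen. The developers consider asterisk masking to be "security theatre", because password length is usually visible elsewhere (for example, on the login screen). Commenters pointed out that `sudo` is not the only terminal command that asks for a password (for example `passwd` and `ssh`), and many felt that clearing the prompt with `Ctrl+U` is more valuable than visual feedback. Some users welcomed the change, saying it improves the user experience and noting that the original masking was a technical convenience rather than a security feature. Others questioned whether this was worth fixing, especially when Linux has other, more annoying problems. The move also triggered debate about adopting the Rust coreutils too early.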

Original article

Starting with the upcoming LTS release, every keystroke at a sudo password prompt will echo an asterisk — a small UX fix that has ignited one of Linux’s fiercest debates in years.

For more than four decades, typing a password after a sudo prompt in a Linux terminal produced nothing visible on screen — no asterisks, no dots, no moving cursor. The blank void was intentional: a guard against “shoulder surfing,” the practice of counting keystrokes to guess a password’s length. Ubuntu 26.04 LTS, codenamed Resolute Raccoon and due on April 23, 2026, changes that.

“Security is theoretically worse since password lengths are exposed to people watching your screen, but this is an infinitesimal benefit far outweighed by the UX issue.”

— sudo-rs upstream commit message, enabling pwfeedback by default

Before:

user@ubuntu:~$ sudo apt update
[sudo] password for user:

After:

user@ubuntu:~$ sudo apt update
[sudo] password for user: ********

A History Written in Silence

The original sudo utility was created in 1980 by Bob Coggeshall and Cliff Spencer at the State University of New York at Buffalo. Its silent password prompt was a deliberate security decision from an era when terminals were shared, physical screens were wide-open, and the threat model squarely included people standing behind you counting keystrokes. That behaviour survived — untouched — through nearly half a century of Linux distributions.

The tradition began to crack when Linux Mint enabled visual password feedback by default for its own sudo configuration, quietly demonstrating that the sky would not fall. Still, mainstream distributions, Ubuntu among them, maintained the classic silent prompt.

Enter sudo-rs: Rust Rewrites the Rules

The catalyst for Ubuntu’s change is sudo-rs, a ground-up rewrite of the classic C implementation in the Rust programming language. Canonical shipped sudo-rs as the default sudo implementation beginning with Ubuntu 25.10 — a transition that most users never noticed because the command name and behaviour were otherwise identical.

Then, roughly two weeks before the Ubuntu 26.04 beta window, the upstream sudo-rs project merged a patch to enable the pwfeedback option by default. Canonical cherry-picked that patch into Ubuntu 26.04 development builds. The legacy sudo package (sometimes labelled sudo-ws) is unaffected; only the sudo-rs path shows asterisks.

1980: Original sudo created at SUNY Buffalo. Silent password input is the default from day one.

Ubuntu 25.10 — October 2025: Canonical replaces the classic C-based sudo with sudo-rs (Rust). Behaviour remains visually unchanged for users.

October 2025: A bug report filed against sudo-rs requests that pwfeedback be enabled by default to “make sane modern UX decisions.”

February 2026: Upstream sudo-rs merges the pwfeedback patch. Canonical cherry-picks it into Ubuntu 26.04 daily builds. Community debate erupts.

April 23, 2026: Ubuntu 26.04 LTS “Resolute Raccoon” ships to the public. Password asterisks become the default for millions of users.

The Security Argument — Both Sides

Critics of the change point to a bug report whose title captures the sentiment perfectly: “sudo-rs echos * for every character typed breaking historical security measures older than I am.” Ubuntu acknowledged the report and marked it Won’t Fix. The upstream sudo-rs developers similarly declined to back down.

The developers’ counter-argument rests on two pillars. First, the security benefit of hiding password length is negligible in practice — anyone close enough to count asterisks on a screen is close enough to hear or watch your keystrokes directly. Second, and more pointedly, most users’ sudo password is the same as their login password — one that already appears as visible placeholder dots on the graphical login screen. Hiding asterisks in the terminal while showing them at login is, in the developers’ estimation, security theatre.

| Aspect | Classic sudo (silent) | sudo-rs with pwfeedback |
| --- | --- | --- |
| Visual feedback | None | One asterisk per character |
| Password length exposed | No | Yes (to shoulder snoopers) |
| Login-screen consistency | Inconsistent — dots shown at GDM | Consistent with graphical prompts |
| New-user experience | Confusing — appears frozen | Confirms input is registering |
| SSH session behaviour | Silent | Asterisks shown in SSH sessions too |
| Revertible? | | Yes — one sudoers line |

How to Restore the Classic Behaviour

Users and system administrators who prefer the traditional silent prompt can restore it with a single configuration change. The setting is toggled via the sudoers file, which should always be edited through the safe visudo command to prevent syntax errors from locking you out.

🔧 Restore Silent Password Input

sudo visudo

Then add the following line to the sudoers file:

Defaults !pwfeedback

Save and close. The change takes effect immediately in new terminal sessions. No reboot required.
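
The revert described above can also be staged as a drop-in file and syntax-checked before it goes live, and the effective setting can be audited across sudoers files. This is an added example, not code from the article or from the sudo-rs project; it assumes the main sudoers file includes /etc/sudoers.d, and the file name pwfeedback-off and both function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article or sudo-rs): audit and stage the
# "Defaults !pwfeedback" revert. Function and file names are hypothetical.

# pwfeedback_state FILE...
# Prints enabled, disabled or unset according to the last global Defaults
# entry naming pwfeedback. Pass files in the order sudo reads them (main
# sudoers first, then drop-ins in lexical order). "unset" means the
# implementation's built-in default applies. Scoped entries such as
# Defaults:user are ignored; quoted values containing commas are not handled.
pwfeedback_state() {
    [ "$#" -gt 0 ] || { echo "usage: pwfeedback_state FILE..." >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                    # comments and #include forms
        /^[ \t]*Defaults[ \t]/ {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            sub(/[ \t]+#.*$/, "", line)        # trailing comment
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", o)
                if (o == "pwfeedback") state = "enabled"
                else if (o ~ /^![ \t]*pwfeedback$/) state = "disabled"
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# stage_dropin DIR
# Writes the revert into DIR/pwfeedback-off with mode 0440, syntax-checks it
# with "visudo -c -f" when visudo is on PATH, and prints the staged path.
# A file that fails the check is deleted so it can never be installed.
stage_dropin() {
    f="$1/pwfeedback-off"   # sudo skips drop-in names containing "." or ending in "~"
    rm -f "$f"
    printf 'Defaults !pwfeedback\n' > "$f" || return 1
    chmod 0440 "$f"
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$f" >/dev/null 2>&1 || { rm -f "$f"; return 1; }
    fi
    printf '%s\n' "$f"
}

# As root, after staging: install -o root -g root -m 0440 FILE /etc/sudoers.d/
```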

The Broader Picture

The asterisk change is part of a wider modernisation underway in Ubuntu 26.04. The release will ship with GNOME 50 running exclusively on Wayland, Linux kernel 7.0, and further adoption of Rust-based core utilities — including uutils/coreutils, a Rust reimplementation of the standard Unix command-line tools. The switch to sudo-rs is thus one piece of a broader effort to bring memory safety and, apparently, modern UX sensibilities to Ubuntu’s fundamental plumbing.

Whether you consider the asterisk change an overdue quality-of-life improvement or a dangerous departure from Unix philosophy, one thing is clear: the option to revert remains firmly in your hands. The developers have simply decided that the default should favour the many newcomers baffled by a blank prompt over the few veterans who cherished it.

Ubuntu 26.04 LTS Resolute Raccoon is scheduled for final release on April 23, 2026.
