Shoulder surfing for passwords is a tiny concern compared to how much these measures hurt ux. I am happy that the current trend is now to also let the user toggle off the * to see what you actually typed.
I don't know if these were added but to match security of other graphical password fields after submitting the password the terminal should clear the starts and while the password is being inputted it should protect the window so it can not be screen recorded.
charcircuit|2 days ago
I don't know if these were added but to match security of other graphical password fields after submitting the password the terminal should clear the starts and while the password is being inputted it should protect the window so it can not be screen recorded.
croes|13 hours ago
I don’t think we can afford less security
timhh|2 days ago
My attempt to fix the annoying and unnecessary 2 second delay when you mistype your password is going rather less well: https://github.com/linux-pam/linux-pam/pull/789
Does anyone want to rewrite PAM in Rust? :D