For nearly half a century, every Unix and Linux user has shared the same experience: typing a password into the terminal and watching absolutely nothing happen on screen. No dots. No asterisks. No feedback whatsoever. Just a blinking cursor and the quiet hope that your fingers hit the right keys.
That’s about to change.
Canonical, the company behind Ubuntu, announced that Ubuntu 26.04 — codenamed “Questing Quokka” and expected in April 2026 — will display asterisk characters as visual feedback when users type passwords at the sudo command prompt. It’s the kind of change that sounds trivial until you realize it overturns a default behavior that has persisted since the Bourne shell arrived in Unix Version 7 back in 1979, as reported by PBX Science.
The silent password prompt was never a bug. It was a deliberate security decision made in an era when multiple users shared a single physical terminal, and someone standing behind you could count your keystrokes to determine your password length. Displaying nothing — not even placeholder characters — was the safest approach when threat models centered on physical proximity and shoulder surfing in university computer labs and corporate mainframe rooms.
But the computing world of 2025 looks nothing like 1979. Most Linux users today sit alone in front of their own machines, or they’re connected via encrypted SSH sessions. The threat of someone counting asterisks over your shoulder has been largely replaced by phishing attacks, credential stuffing, and supply chain compromises. The original rationale, while sound for its time, has become an anachronism that creates more usability problems than it solves security ones.
And the usability problems are real. Anyone who’s mistyped a long, complex password into a silent prompt knows the frustration. You get no indication of how many characters you’ve entered, whether Caps Lock is on, or if the terminal even registered your keystrokes. You just press Enter and hope. When authentication fails, you start over from zero with no diagnostic information. For new Linux users especially, the experience can be bewildering — some genuinely believe the system is frozen or broken when they see no response to their typing.
The change itself is technically simple. It involves modifying a single line in the /etc/sudoers configuration file, adding the pwfeedback option to the Defaults directive. Experienced administrators have been making this tweak manually for years. What’s significant about Ubuntu’s decision is that it makes asterisk feedback the out-of-the-box default for what is arguably the most widely used Linux distribution in the world, particularly among newcomers and enterprise desktop deployments.
According to PBX Science, the proposal originated from Ubuntu developer Simon Quigley and was endorsed by Canonical’s engineering leadership. The decision didn’t happen in isolation. It reflects a broader push within the Ubuntu project to reduce unnecessary friction for users who don’t have decades of Unix muscle memory. Canonical has been steadily modernizing the Ubuntu desktop experience — the transition to the new Flutter-based installer in Ubuntu 23.10, the adoption of immutable desktop variants, and ongoing improvements to the GNOME-based interface all point in the same direction.
Not everyone is applauding.
Security purists have raised objections, arguing that even asterisk feedback leaks information. If an attacker can see your screen — whether physically or through screen-sharing software or a compromised remote session — they can determine your password length from the number of asterisks displayed. In certain high-security environments, that information matters. A 6-character password and a 32-character password represent vastly different search spaces for a guessing attack, and revealing which category a user falls into is a nonzero disclosure.
The counterargument is straightforward: if an attacker has visual access to your screen in real time, you have far bigger problems than password length disclosure. They can watch you type URLs, read your emails, observe your file system structure, and capture sensitive data directly. Password length becomes a footnote in that threat scenario. And modern security best practices increasingly favor long passphrases and multi-factor authentication over password secrecy alone, making the length-disclosure concern less relevant than it once was.
There’s also a historical wrinkle worth examining. In 2020, a buffer overflow vulnerability (CVE-2019-18634) was discovered in sudo’s pwfeedback option itself. The flaw allowed potential privilege escalation when the feature was enabled. It was patched promptly, and sudo versions from 1.8.31 onward are not affected. But the incident gave ammunition to those who argue that adding any unnecessary feature to a security-critical tool like sudo introduces potential attack surface. The vulnerability was specific to the implementation rather than the concept, but it serves as a reminder that even small changes in security tooling carry risk.
So why now? Part of the answer lies in Ubuntu’s user demographics. The distribution has long served as a gateway for developers, students, and enterprise users moving to Linux from Windows or macOS — platforms where password fields have always shown placeholder characters. The cognitive dissonance of typing into apparent nothingness creates a small but persistent barrier, one that generates support tickets, confused forum posts, and occasional abandonment by users who conclude Linux is simply too hostile.
Canonical’s timing also coincides with growing industry momentum toward better terminal usability. Projects like Starship (a cross-shell prompt), modern terminal emulators like Warp and Ghostty, and shell enhancements like Fish and Nushell all reflect a recognition that the command-line interface doesn’t have to be stuck in 1979 to be powerful. The silent sudo prompt was one of the last relics of an era when user experience was subordinate to every other design consideration.
For enterprise administrators and security-conscious users who prefer the old behavior, nothing is being taken away. The pwfeedback option can be removed from the sudoers file in seconds, restoring the silent prompt. Ubuntu is changing the default, not eliminating the choice. This distinction matters. Defaults shape the experience of millions of users who never touch configuration files, while power users retain full control.
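For administrators who want to know where a given host stands, the following is an added example, not code from Canonical, the sudo project or the original article. It reports whether a sudoers file turns pwfeedback on or off through the Defaults directive described above, and whether a sudo version string is at or past 1.8.31, the release the article gives as unaffected by CVE-2019-18634. The function names (pwfeedback_state, version_patched, audit) are hypothetical and the sample sudoers content is constructed.

```shell
#!/bin/sh
# Added example (not from the article). Sample content and versions are constructed.

# pwfeedback_state FILE... -> prints on | off | unset
# The last global "Defaults" entry wins. Scoped forms (Defaults:user,
# Defaults@host) and backslash line continuations are not handled here.
pwfeedback_state() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                  # drop comments
            if (line !~ /^[ \t]*Defaults[ \t]/) next
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /,/)
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "pwfeedback")  state = "on"
                if (o == "!pwfeedback") state = "off"
            }
        }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# version_patched VERSION -> exit status 0 when VERSION is 1.8.31 or later.
# Patch suffixes such as "p2" are dropped before comparing.
version_patched() {
    v=${1%%[!0-9.]*}
    printf '%s\n' "$v" | awk -F. '{
        a = $1 + 0; b = $2 + 0; c = $3 + 0
        exit !((a > 1) || (a == 1 && b > 8) || (a == 1 && b == 8 && c >= 31))
    }'
}

# audit FILE VERSION -> one-line verdict combining both checks.
audit() {
    state=$(pwfeedback_state "$1")
    if [ "$state" = "on" ] && ! version_patched "$2"; then
        echo "RISK: pwfeedback on with sudo $2 (older than 1.8.31)"
    else
        echo "OK: pwfeedback=$state sudo=$2"
    fi
}

# Constructed sample sudoers content, checked against two version strings.
sample=$(mktemp)
printf 'Defaults env_reset, pwfeedback\nDefaults mail_badpass\n' > "$sample"
audit "$sample" "1.8.21p2"
audit "$sample" "1.9.15p5"
rm -f "$sample"
```

On a live host, pass /etc/sudoers and the files under /etc/sudoers.d (readable by root) together with the version reported by sudo -V. A result of "unset" means the default of the installed sudo build applies, and any edit to restore the silent prompt should go through visudo.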
The ripple effects could extend beyond Ubuntu. Linux Mint, Pop!_OS, Zorin OS, and dozens of other distributions are built on Ubuntu’s foundation. When Ubuntu changes a default, downstream distributions must decide whether to inherit the change, revert it, or offer their own alternative. Given the usability benefits, many are likely to follow suit. And if the broader Linux community sees positive reception, distributions like Fedora and openSUSE may reconsider their own defaults independently.
This isn’t the first time a long-standing Unix convention has been challenged and overturned. The adoption of systemd over traditional init systems provoked years of heated debate but ultimately became the standard across major distributions. The shift from X11 to Wayland as the default display server followed a similar pattern — resistance from veterans, gradual acceptance, and eventual normalization. Password feedback in sudo is a far less disruptive change than either of those, but it touches the same nerve: the tension between tradition and accessibility in open-source software.
The broader philosophical question is whether Linux’s command-line tools should optimize for the most security-paranoid use case or for the most common one. For decades, the answer was unambiguously the former. Every default was set to maximum caution, and users were expected to customize their way to comfort. That approach served a small, technically sophisticated user base well. But as Linux reaches hundreds of millions of users through Ubuntu, Android, Chrome OS, cloud servers, and IoT devices, the calculus shifts. Defaults that confuse or frustrate the majority to protect against a minority threat scenario start to look like poor engineering trade-offs rather than principled security decisions.
Ubuntu 26.04 won’t ship until April 2026, so there’s time for the decision to be debated, tested, and refined. Early builds will likely include the change for community testing, and feedback from that process could influence the final implementation. But barring an unexpected reversal, the silent sudo prompt’s days as a default are numbered — at least on the world’s most popular Linux distribution.
Forty-six years is a long run for any default. Longer than most software projects exist. Longer than most of the people now using Linux have been alive. The silent password prompt earned its place in computing history, born from a legitimate threat model in an era of shared terminals and physical access risks. But defaults should serve the users of today, not memorialize the constraints of yesterday. A few asterisks on a screen won’t compromise anyone’s security in a meaningful way. They will, however, make millions of people’s daily interactions with their computers a little less mystifying.
Sometimes progress looks like a small row of stars where there used to be nothing at all.
