Ubuntu 26.04 LTS Now Shows Password Feedback in sudo
Ubuntu 26.04 LTS introduces a subtle but impactful change: when you type your password with sudo, you now see asterisks (********) instead of a blank screen. This shift marks a departure from decades of Linux tradition, where sudo passwords were hidden entirely to prevent shoulder-surfing attacks. Let’s unpack why this change matters—and why it’s sparking debate.
Why the Change Happened
Ubuntu 26.04 LTS uses sudo-rs, a Rust rewrite of the classic sudo tool. This update, first introduced in Ubuntu 25.10, prioritizes modern security and performance. The password feedback feature was added in 26.04 after Canonical cherry-picked a patch from the upstream sudo-rs project. The goal? Improve user experience for newcomers who often panic when their password appears invisible.
Security vs. Usability Debate
For decades, sudo hid password feedback to thwart shoulder-surfing attacks. The logic: if an attacker can’t see the password length, they can’t guess it. However, sudo-rs developers argue this benefit is “infinitesimal.” They note that most users reuse their login password for sudo—and that’s already visible at the login screen. Critics, meanwhile, call the change a “security regression” that ignores 40+ years of Linux tradition.
How to Revert to Old Behavior
If you prefer the old behavior, Ubuntu makes it easy. Edit the sudoers file with sudo visudo and add:
Defaults !pwfeedbackThis disables the asterisks, restoring the silent password prompt. The change takes effect immediately.
User Reactions and the Road Ahead
The update has divided the Linux community. Some praise the move for making sudo more intuitive, while others call it a “security theater” misstep. Canonical marked a bug report as “Won’t Fix,” stating the change aligns with upstream sudo-rs decisions. The debate shows no signs of slowing down—until April 23, 2026, when the project’s final decision deadline arrives.
Final Thoughts
Password feedback in sudo is a small change with big implications. It reflects a broader tension in Linux: balancing security traditions with modern usability needs. Whether you embrace the asterisks or revert to silence, the key takeaway is clear: even the smallest UX tweaks can spark passionate conversations in open-source communities.
FAQs
- What is password feedback in sudo? It’s the display of asterisks (********) as you type your sudo password, replacing the traditional blank screen.
- Why did Ubuntu 26.04 LTS introduce password feedback? To improve usability for newcomers and align with the Rust-based
sudo-rsproject. - How to disable password feedback in sudo? Add
Defaults !pwfeedbackto/etc/sudoersusingsudo visudo. - What are the security risks of password feedback? Critics argue it makes shoulder-surfing attacks slightly easier by revealing password length.
- Can I revert to the old sudo behavior? Yes—modify the sudoers file as described above.
