Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords

Ubuntu 26.04 Ends 46 Years of Silent sudo Passwords

Starting with the upcoming LTS release, every keystroke at a sudo password prompt will echo an asterisk — a small UX fix that has ignited one of Linux’s fiercest debates in years.

For more than four decades, typing a password after a sudo prompt in a Linux terminal produced nothing visible on screen — no asterisks, no dots, no moving cursor. The blank void was intentional: a guard against “shoulder surfing,” the practice of counting keystrokes to guess a password’s length. Ubuntu 26.04 LTS, codenamed Resolute Raccoon and due on April 23, 2026, changes that.

“Security is theoretically worse since password lengths are exposed to people watching your screen, but this is an infinitesimal benefit far outweighed by the UX issue.”

— sudo-rs upstream commit message, enabling pwfeedback by default

A History Written in Silence

The original sudo utility was created in 1980 by Bob Coggeshall and Cliff Spencer at the State University of New York at Buffalo. Its silent password prompt was a deliberate security decision from an era when terminals were shared, physical screens were wide-open, and the threat model squarely included people standing behind you counting keystrokes. That behaviour survived — untouched — through nearly half a century of Linux distributions.

The tradition began to crack when Linux Mint enabled visual password feedback by default for its own sudo configuration, quietly demonstrating that the sky would not fall. Still, mainstream distributions, Ubuntu among them, maintained the classic silent prompt.

Enter sudo-rs: Rust Rewrites the Rules

The catalyst for Ubuntu’s change is sudo-rs, a ground-up rewrite of the classic C implementation in the Rust programming language. Canonical shipped sudo-rs as the default sudo implementation beginning with Ubuntu 25.10 — a transition that most users never noticed because the command name and behaviour were otherwise identical.

Then, roughly two weeks before the Ubuntu 26.04 beta window, the upstream sudo-rs project merged a patch to enable the pwfeedback option by default. Canonical cherry-picked that patch into Ubuntu 26.04 development builds. The legacy sudo package (sometimes labelled sudo-ws) is unaffected; only the sudo-rs path shows asterisks.

• 1980: sudo created at SUNY Buffalo. Silent password input is the default from day one.
• 2025: Ubuntu transitions to sudo-rs (Rust). Behaviour remains visually unchanged for users.
• Early 2026: Upstream sudo-rs project decides pwfeedback should be enabled by default to “make sane modern UX decisions.”
• April 2026: Ubuntu 26.04 LTS “Resolute Raccoon” ships to the public. Password asterisks become the default for millions of users.

The Security Argument — Both Sides

Critics of the change point to a bug report whose title captures the sentiment perfectly: “sudo-rs echos * for every character typed breaking historical security measures older than I am.” Ubuntu acknowledged the report and marked it Won’t Fix. The upstream sudo-rs developers similarly declined to back down.

The developers’ counter-argument rests on two pillars. First, the security benefit of hiding password length is negligible in practice — anyone close enough to count asterisks on a screen is close enough to hear or watch your keystrokes directly. Second, and more pointedly, most users’ sudo password is the same as their login password — one that already appears as visible placeholder dots on the graphical login screen. Hiding asterisks in the terminal while showing them at login is, in the developers’ estimation, security theatre.

| Aspect | Classic sudo (silent) | sudo-rs with pwfeedback | |---|---|---| | Visual feedback | None | One asterisk per character | | Password length exposed | No | Yes (to shoulder snoopers) | | Login-screen consistency | Inconsistent — dots shown at GDM | Consistent with graphical prompts | | New-user experience | Confusing — appears frozen | Confirms input is registering | | Revertible? | — | Yes — one sudoers line |

How to Restore the Classic Behaviour

Users and system administrators who prefer the traditional silent prompt can restore it with a single configuration change. The setting is toggled via the sudoers file, which should always be edited through the safe visudo command to prevent syntax errors from locking you out.

🔧 Restore Silent Password Input

1. Run sudo visudo
2. Add the following line to the sudoers file: Defaults !pwfeedback
3. Save and close. The change takes effect immediately in new terminal sessions.

The Broader Picture

The asterisk change is part of a wider modernisation underway in Ubuntu 26.04. The release will ship with GNOME 50 running exclusively on Wayland, Linux kernel 7.0, and further adoption of Rust-based core utilities — including uutils/coreutils, a Rust reimplementation of the standard Unix command-line tools. The switch to sudo-rs is thus one piece of a broader effort to bring memory safety and, apparently, modern UX sensibilities to Ubuntu’s fundamental plumbing.

Whether you consider the asterisk change an overdue quality-of-life improvement or a dangerous departure from Unix philosophy, one thing is clear: the option to revert remains firmly in your hands. The developers have simply decided that the default should favour the many newcomers baffled by a blank prompt over the few veterans who cherished it.