If Apollo says it’s ok then I’m ok 
I like that suggestion. I’m proficient in the command line and I understand the reasons for not showing asterisks. But having no feedback whatsoever always annoyed me. I can totally understand that this may be confusing for people that are not used to that, especially on Windows where password inputs always give feedback. That is why I support the idea.
1 Like
I also like this solution too.
I would like to see asterisks as well, as it is confusing to type into the proverbial void even when you know that the command does not show feedback.
Edit: If asterisks are not an option, the help text is an acceptable alternative.
I am not a fan of the “show password” feature for security reasons (especially with tools like Microsoft Recall on the horizon).
1 Like
Also just reminded me that pasting into the void works, perhaps that could be in the help text if folks have trouble 
1 Like
And “backspace into the void” if you make a mistake 
1 Like
- Get it fixed in Python itself, showing asterisks. +0
- Re-implement in Django itself, showing asterisks. -1
- Show user input like for the username input. -1
- Message +1
- Argument for showing input +0
Side note, Ubuntu will transition to showing asterisks in the sudo-rs password prompt: Ubuntu 26.04 Shows Asterisks When You Type Your sudo Password
So why start showing asterisks? The sudo-rs developers think the security benefit in hiding feedback from said hypothetical shoulder-snoop is, bluntly, “infinitesimal”. It confuses more people than it helps.
1 Like
As of Python 3.14, all we need is to pass echo_char="*" to getpass(): Docs.
I just accepted a ticket and reframed it to accomplish that. 
Didn’t mean for my emoji to silence any doubts – I was simply excited that Python finally moved on this and that we could relatively cheaply do the option that seemed least objectionable!
I gave an approval to the PR implementing option #1, but I’ll wait to merge it so any discussion can continue here.
(Removing my fellow hat and putting my just another Django contributor hat on, Thibaud’s original argument that helping beginners is more valuable than following a UNIX convention carries a lot of weight for me, so I’m excited about option #1. I’m -0 on branching the behavior by platform, as it feels like avoidable complexity.)
I would be generally in favor of the proposed change but after reading the getpass docs, I see this unexpected disclaimer:
On Unix systems, when echo_char is set, the terminal will be configured to operate in noncanonical mode. In particular, this means that line editing shortcuts such as Ctrl+U will not work and may insert unexpected characters into the input.
I found this to be a blocker to incorporate this. For users who habitually use Ctrl+U to clear a mistyped password (
), this is a regression. The note that it “may insert unexpected characters” makes it potentially worse than the current silent behavior.
I think we should go back to the previous consensus which was to add a nice help text explaining that no feedback will appear during password entry, possibly also surfacing password validation rules upfront. No behavior change, no new dependencies, no regressions.
1 Like
Oh, great catch! I’ll update the ticket to reflect that we’ll need to fall back to the help text idea.