
Improvement: show characters typed in decrypt-backup

Open Te-k opened this issue 1 year ago • 1 comments

It would be easier to show * instead of nothing so that people can follow the characters they typed

Te-k, Dec 11 '24 08:12

I disagree with this proposal. While showing * while typing might make it slightly more user-friendly, and it could be valuable for accessibility, it is also less secure because it displays the exact length of your backup password. Situations where this might be relevant used to feel a bit contrived to me, but we're now living in a time where operating systems recording your screen in the background is a feature.

Users do already have the option of using a different password input by using an environment variable. Example in bash:

read -srp "Backup password: " backup_passwd # or load the password into the variable through any other preferred method
MVT_IOS_BACKUP_PASSWORD=$backup_passwd mvt-ios decrypt-backup
unset backup_passwd

Of course if the default behavior was to show placeholder characters, this approach could also be used to fully hide the password. But in my opinion a security-related project such as this should implement the most secure option by default (within reason), and the more accessible alternative could be mentioned in the documentation.

scribblemaniac, Jan 08 '25 02:01
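
The comment above notes that the environment variable lets users substitute their own password prompt. As an added example (not from the thread and not MVT code), these POSIX shell functions implement an opt-in masked prompt: one `*` is shown per byte typed, which exposes the password length on screen exactly as discussed, and the result reaches the command only through `MVT_IOS_BACKUP_PASSWORD`. The names `read_masked` and `run_with_masked_password` are hypothetical, and ASCII passwords are assumed.

```shell
# Added example, not MVT code. read_masked and run_with_masked_password are
# hypothetical helper names; ASCII passwords are assumed.

# Read one line from stdin a byte at a time, print '*' per byte to stderr,
# honour backspace/delete, and write the collected password to stdout.
read_masked() {
    pw='' del=$(printf '\177') bs=$(printf '\010')
    while :; do
        c=$(dd bs=1 count=1 2>/dev/null)
        # Newline or EOF both leave $c empty: end of input.
        if [ -z "$c" ]; then break; fi
        if [ "$c" = "$del" ] || [ "$c" = "$bs" ]; then
            # Drop the last byte and erase one '*' from the screen.
            if [ -n "$pw" ]; then pw=${pw%?}; printf '\b \b' >&2; fi
        else
            pw=$pw$c
            printf '*' >&2
        fi
    done
    printf '\n' >&2
    printf '%s' "$pw"
}

# Prompt with masking, then pass the password to the given command only
# through MVT_IOS_BACKUP_PASSWORD in that command's environment.
run_with_masked_password() {
    rc=0
    printf 'Backup password: ' >&2
    if [ -t 0 ]; then
        saved=$(stty -g)
        trap 'stty "$saved"' EXIT    # always restore echo and line mode
        trap 'exit 130' INT TERM
        stty -echo -icanon min 1 time 0
    fi
    pw_in=$(read_masked)
    if [ -t 0 ]; then stty "$saved"; trap - EXIT INT TERM; fi
    MVT_IOS_BACKUP_PASSWORD=$pw_in "$@" || rc=$?
    unset pw_in
    return "$rc"
}

# Usage: run_with_masked_password mvt-ios decrypt-backup
```

The terminal settings are changed only when stdin is a terminal, so the same functions also accept a password piped in from another tool.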