NicoHood
commented
3 years ago Hmmm I would still not hide any information via email though. On the cli this sounds reasonable, but via email this leaks too much information in my opinion. We could differentiate between those two usescases.
Merged, but i put a bit of logic in to show the string length replaced by
*characters and keeping the last 2 chars of the password for context in case you are trying to debug logging in.