Getting a Hidden Password Input

python

password-security

input-handling

user-experience

byNikita Barsukov·Feb 8, 2025

Safely get a password input in Python using getpass. Just call the getpass.getpass() function and your input will be nicely obscured:

from getpass import getpass
# Echoes nothing, not even stars nor your favorite emoji 😄
password = getpass()

The catch is, getpass works smoothly in a terminal environment. Don't count on it too much in IDLE - it might throw a tantrum.

Alternative strategies

Asterisk masking with getch

If you fancy giving your users some visual feedback in the form of asterisks (*) when they're typing a password, you can turn to msvcrt.getch(). Here's how you can do it in Windows:

import msvcrt

password = ""
# Star spangled password! 🌟
while True:
    char = msvcrt.getch()
    if char == b'\r':  # Enter key - our cue to wrap it up
        break
    if char == b'\x08':  # Backspace key - everyone makes mistakes
        password = password[:-1]
        continue
    password += char.decode('utf-8')
    msvcrt.putch(b'*')  # These aren't the characters you're looking for 👀

Authenticate with getch and pwinput

If you are looking for a solution that works like a charm regardless of the platform or need more flexibility with your input, you might want to check out the getch module from PyPI or the pwinput module:

import getch
password = ""
# Let the showdown between user and password begin! 🤠
char = getch.getch()
while char not in ('\r', '\n'):
    if char == '\b':  # We're allowing u-turns
        password = password[:-1]
    else:
        password += char
        print('*', end='', flush=True)  # That's one small asterisk for user, one giant relief for security
    char = getch.getch()
print()

# pip install pwinput for wall to wall compatibility
import pwinput
password = pwinput.pwinput()  # Smooth operator, operates correctly 😉

pwinput even allows you to modify the mask character:

password = pwinput.pwinput(mask='🌟')  # Because not all stars wear capes

Advocate for security

Keep the secrets safe

When handling sensitive data, it's best to tread with care. Keep the passwords in checks and balances - avoid storing in plain text or in places that shout 'here be secrets', like logs. Use them transiently and consider encryption for longer-term storage.

Use the right tools

Consider incorporating libraries such as PyCryptodome for additional security layers when handling passwords. Always hash the passwords before you lock them up and use a trusted library for hashing like bcrypt or argon2. They won't disappoint!

Enhancing the user experience

Although asterisks and other characters add an extra layer of user comfort, remember they are just for show. The key to successful password secrecy is the hidden data transfer to your application.

Building strong password policies

Don't just secure passwords, super-secure them. Make getpass work hand in hand with strong cryptography libraries to maintain password integrity from the point of entry, during transfer and at rest—end to end protection.

explain-codes / Python / Getting a Hidden Password Input

Linked

How to get the ASCII value of a character



How to read a single character from the user?



Convert Unicode to ASCII without errors in Python



Regex for password must contain at least eight characters, at least one number and both lower and uppercase letters and special characters



How do I read from stdin?

