diff --git a/docs/man/sudoers.5.man b/docs/man/sudoers.5.man
index 49e226188..ad8c78684 100644
--- a/docs/man/sudoers.5.man
+++ b/docs/man/sudoers.5.man
@@ -769,7 +769,7 @@ When pwfeedback is set, sudo will provide visual feedback when the user
 presses a key.
 Note that this does have a security impact as an onlooker may be able to
 determine the length of the password being entered.
-This flag is off by default.
+This flag is on by default.
 .RE
 .IP \[bu] 2
 rootpw
diff --git a/docs/man/sudoers.5.md b/docs/man/sudoers.5.md
index 569a4d47f..6740af4e0 100644
--- a/docs/man/sudoers.5.md
+++ b/docs/man/sudoers.5.md
@@ -386,7 +386,7 @@ sudo's behavior can be modified by Default_Entry lines, as explained earlier.  A
 
 * pwfeedback
 
-  By default, sudo reads the password like most other Unix programs, by turning off echo until the user hits the return (or enter) key.  Some users become confused by this as it appears to them that sudo has hung at this point.  When pwfeedback is set, sudo will provide visual feedback when the user presses a key.  Note that this does have a security impact as an onlooker may be able to determine the length of the password being entered.  This flag is off by default.
+  By default, sudo reads the password like most other Unix programs, by turning off echo until the user hits the return (or enter) key.  Some users become confused by this as it appears to them that sudo has hung at this point.  When pwfeedback is set, sudo will provide visual feedback when the user presses a key.  Note that this does have a security impact as an onlooker may be able to determine the length of the password being entered.  This flag is on by default.
 
 * rootpw
 
diff --git a/src/defaults/mod.rs b/src/defaults/mod.rs
index 36fef87ad..475f114ed 100644
--- a/src/defaults/mod.rs
+++ b/src/defaults/mod.rs
@@ -39,7 +39,7 @@ defaults! {
     match_group_by_gid        = false  #ignored
     use_pty                   = true
     visiblepw                 = false  #ignored
-    pwfeedback                = false
+    pwfeedback                = true
     rootpw                    = false
     targetpw                  = false
     noexec                    = false
diff --git a/src/sudoers/policy.rs b/src/sudoers/policy.rs
index c22d91540..09fe55b6d 100644
--- a/src/sudoers/policy.rs
+++ b/src/sudoers/policy.rs
@@ -194,7 +194,7 @@ mod test {
                 allowed_attempts: 3,
                 prior_validity: Duration::minutes(15),
                 credential: AuthenticatingUser::InvokingUser,
-                pwfeedback: false,
+                pwfeedback: true,
                 password_timeout: Some(Duration::seconds(300)),
             },
         );
@@ -211,7 +211,7 @@ mod test {
                 allowed_attempts: 3,
                 prior_validity: Duration::minutes(15),
                 credential: AuthenticatingUser::InvokingUser,
-                pwfeedback: false,
+                pwfeedback: true,
                 password_timeout: Some(Duration::seconds(300)),
             },
         );