The lognopassword variable determines whether non-echoed input, such as passwords, is written to the I/O log file when I/O logging is active.

Starting with version 7.0.0, all input and output is logged until a password prompt is recognized on stdout. Password prompts to recognize must be listed in the policy language list variable passwordloggingprompts which defaults to {"Password:", "password:", "Passwd:", "passwd:"} for v7.0.0 to v7.5.0, and to {"Password", "password", "Passwd", "passwd"} for v7.5.1 and later.

After a password prompt is recognized, non-echoed stdin is not logged until a newline is received, or until input exceeds 80 characters.

lognopasswd = boolean;
true Do not log passwords (or other non-echoed input).
false Log all input keystrokes. This setting is the default.

The initial lognopassword value comes from the settings file. If passwordlogging is set to never, lognopassword is set to true and becomes read-only.

lognopassword = true;

For more information, please see passwordloggingprompts.