
The documentation even states:

> This option is never essential, since psql will automatically prompt for a password if the server demands password authentication. However, psql will waste a connection attempt finding out that the server wants a password. In some cases it is worth typing -W to avoid the extra connection attempt.

So this is definitely confusing.

What they probably mean is that you shouldn't do something like --password=mypassword, which will work but is obviously dangerous to do.



No, they say: "If you're connecting with -W to a server configured to allow you access via peer authentication you may think that it's requiring a password when it really isn't. And if the user you're logging in as doesn't have a password set or you enter the wrong password at the prompt you'll still be logged in and think you have the right password - but you won't be able to log in from other clients (that connect via localhost) or when logged in as other users."


Don't do that either, but -W will always ask for a password even when one is not required. Got a keylogger or someone watching over your shoulder, and they now have your password even if the server is not actually asking for it. All that insecurity just to, potentially, save a roundtrip to the server.


> Got a keylogger or someone watching over your shoulder, and they now have your password even if the server is not actually asking for it.

If this happens you've lost already, -W or not.


Why would I ever not want the server to require a password, though? Like, if your server ain't asking for a password at all, then why even bother with the keylogger?


Peer authentication for local postgres servers / poolers (authenticate using the OS users, doesn't work remotely, and yes, it's safe), Kerberos / [gs]sspi authentication, client certificates.


Ah, right, forgot about those options.

Still, if you know that you're connecting to a server that's set up with password-based auth, then what would be the point of waiting? You'll inevitably have to provide a password at some point anyway, so the keylogger argument seems silly.

And if someone has the ability to install a keylogger on a machine that uses peer or certificate auth, then that someone almost certainly already has the ability to just connect directly using that same peer or certificate auth.


PostgreSQL supports authentication via TLS client certificate, which requires no password. Even then, a keylogger might be able to catch other secrets.
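The peer-authentication point quoted earlier in the thread, as an added example that is not part of any commenter's post: a small first-match resolver for `pg_hba.conf` that reports whether a password typed at a forced `-W` prompt would be verified at all. The sample file is constructed, the function names are hypothetical, and the parser is simplified (CIDR addresses only, `all` or literal database and user names).

```python
import ipaddress

# Constructed sample pg_hba.conf (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       postgres                 peer
local   all       all                      peer
host    all       all       127.0.0.1/32   scram-sha-256
hostssl all       all       10.0.0.0/8     cert
"""

# Methods where the server asks the client for a password and verifies it.
PASSWORD_METHODS = {"scram-sha-256", "md5", "password", "ldap", "radius", "pam", "bsd"}

def parse_hba(text):
    """Return rules as (conn_type, databases, users, network_or_None, method)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":          # local records have no ADDRESS column
            ctype, db, user, method = fields[:4]
            net = None
        else:                             # simplification: CIDR addresses only
            ctype, db, user, addr, method = fields[:5]
            net = ipaddress.ip_network(addr)
        rules.append((ctype, db.split(","), user.split(","), net, method))
    return rules

def first_match(rules, database, user, client_ip=None, ssl=False):
    """Method of the first matching record; PostgreSQL does not fall through."""
    for ctype, dbs, users, net, method in rules:
        if client_ip is None:             # Unix-socket connection
            if ctype != "local":
                continue
        else:
            if ctype == "local" or (ctype == "hostssl" and not ssl) \
                    or (ctype == "hostnossl" and ssl):
                continue
            if ipaddress.ip_address(client_ip) not in net:
                continue
        if not ({"all", database} & set(dbs)) or not ({"all", user} & set(users)):
            continue
        return method
    return None                           # no record matches: connection rejected

def forced_prompt_is_checked(rules, database, user, client_ip=None, ssl=False):
    """True if a password typed at a psql -W prompt would actually be verified."""
    return first_match(rules, database, user, client_ip, ssl) in PASSWORD_METHODS
```

With this sample, a Unix-socket login resolves to `peer`, so whatever is typed at a `-W` prompt is never checked, while the same user over `127.0.0.1` resolves to `scram-sha-256` and the password is verified.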



