then you can prefix any sensitive command (e.g. a command that contains a password - although that is considered bad for other reasons) with a space character in order to suppress it from the history list. (I use this.)
You can also set HISTIGNORE to a suitable value in order to achieve more nuanced suppression. (I haven’t tried this.)
You can set HISTSIZE to 0 to suppress everything from the history list, but few users would want that.
My preferred default is the OpenBSD default of only having a history for the duration of the active session. As soon as the terminal is closed, or a log out or a reboot happens, the history does not persist.
Haven’t bothered to look into the settings to make this so, but it is definitely my preferred default of the systems I’ve encountered.
Probably set HISTFILESIZE to 0. So you still get the full functionality of the history list but it is not persistent. Or you can unset HISTFILE (for effectively the same result other than that with the former the file will exist but be empty).
The truly paranoid would require encrypted swap though in addition, since otherwise the non-persistent history list could end up persistent in the swap.
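For the leading-space and HISTIGNORE suppression mentioned at the top of the thread, here is an added example (not part of any post above, and not bash's own code) that models bash's documented HISTCONTROL and HISTIGNORE rules so a candidate value can be checked before relying on it. The function name, settings and sample commands are constructed for illustration; extglob patterns and `&` embedded in a longer pattern are not modelled.

```shell
#!/bin/sh
# Added example: a model of bash's documented history filtering rules.
# would_record is a hypothetical helper name, not a bash builtin.

# would_record HISTCONTROL HISTIGNORE PREVIOUS_ENTRY COMMAND
# Exit status 0: bash would add COMMAND to the history list; 1: suppressed.
would_record() (
    hc=$1; hi=$2; prev=$3; cmd=$4
    set -f      # keep the patterns from being expanded against files
    IFS=:       # both variables are colon-separated lists
    for opt in $hc; do
        case $opt in
            ignorespace|ignoreboth)
                # Only a leading space character counts, not a tab.
                case $cmd in ' '*) exit 1 ;; esac ;;
        esac
        case $opt in
            ignoredups|ignoreboth)
                [ "$cmd" = "$prev" ] && exit 1 ;;
        esac
    done
    for pat in $hi; do
        if [ "$pat" = '&' ]; then
            # A bare '&' stands for the previous history entry.
            [ "$cmd" = "$prev" ] && exit 1
            continue
        fi
        # Unquoted $pat is a glob that must match the whole command line.
        case $cmd in $pat) exit 1 ;; esac
    done
    exit 0
)

# Constructed sample settings and commands (not taken from the thread).
HC=ignoreboth
HI='ls:*--password*'
for c in ' mysql -pS3cret' 'mysql -pS3cret' \
         'curl --password x https://example.invalid' 'ls' 'ls -la' 'git status'; do
    if would_record "$HC" "$HI" 'git status' "$c"; then r=recorded; else r=suppressed; fi
    printf '%-10s [%s]\n' "$r" "$c"
done
```

The second sample line is the case to watch for: the same command without the leading space is recorded, and a HISTIGNORE entry such as `ls` does not cover `ls -la` because each pattern has to match the complete line.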