diff --git a/man/crypttab.xml b/man/crypttab.xml
index c048cd64c2..e98151ca75 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -531,8 +531,9 @@
       <varlistentry>
         <term><option>silent</option></term>
 
-        <listitem><para>If the encryption password is read from console, no asterisks will be shown
-        while typing the password.</para></listitem>
+        <listitem><para>If an encryption password or security token PIN is
+        read from console, no asterisks will be shown while typing the pin or
+        password.</para></listitem>
       </varlistentry>
 
       <varlistentry>
diff --git a/src/cryptsetup/cryptsetup-fido2.c b/src/cryptsetup/cryptsetup-fido2.c
index 6e400e44e3..7e347f4bf0 100644
--- a/src/cryptsetup/cryptsetup-fido2.c
+++ b/src/cryptsetup/cryptsetup-fido2.c
@@ -26,9 +26,10 @@ int acquire_fido2_key(
                 bool headless,
                 Fido2EnrollFlags required,
                 void **ret_decrypted_key,
-                size_t *ret_decrypted_key_size) {
+                size_t *ret_decrypted_key_size,
+                bool silent) {
 
-        AskPasswordFlags flags = ASK_PASSWORD_PUSH_CACHE | ASK_PASSWORD_ACCEPT_CACHED;
+        AskPasswordFlags flags = ASK_PASSWORD_PUSH_CACHE | ASK_PASSWORD_ACCEPT_CACHED | (silent*ASK_PASSWORD_SILENT);
         _cleanup_strv_free_erase_ char **pins = NULL;
         _cleanup_free_ void *loaded_salt = NULL;
         const char *salt;
diff --git a/src/cryptsetup/cryptsetup-fido2.h b/src/cryptsetup/cryptsetup-fido2.h
index 76ec28b3b1..a762311681 100644
--- a/src/cryptsetup/cryptsetup-fido2.h
+++ b/src/cryptsetup/cryptsetup-fido2.h
@@ -26,7 +26,8 @@ int acquire_fido2_key(
                 bool headless,
                 Fido2EnrollFlags required,
                 void **ret_decrypted_key,
-                size_t *ret_decrypted_key_size);
+                size_t *ret_decrypted_key_size,
+                bool silent);
 
 int find_fido2_auto_data(
                 struct crypt_device *cd,
@@ -56,7 +57,8 @@ static inline int acquire_fido2_key(
                 bool headless,
                 Fido2EnrollFlags required,
                 void **ret_decrypted_key,
-                size_t *ret_decrypted_key_size) {
+                size_t *ret_decrypted_key_size,
+                bool silent) {
 
         return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                                "FIDO2 token support not available.");
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index f0826c47e5..024909f733 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -809,7 +809,8 @@ static int attach_luks_or_plain_or_bitlk_by_fido2(
                                 until,
                                 arg_headless,
                                 required,
-                                &decrypted_key, &decrypted_key_size);
+                                &decrypted_key, &decrypted_key_size,
+                                arg_silent);
                 if (r >= 0)
                         break;
                 if (r != -EAGAIN) /* EAGAIN means: token not found */