Read it from the TTY:
if terminal=$(tty < /dev/tty || tty || tty 0<&1 || tty 0<&2) 2> /dev/null
then
echo "Enter password: " > "$terminal"
IFS= read -r password < "$terminal"
else
echo "There is no terminal to read a password from." >&2
exit 1
fi
This tries to get the terminal associated with /dev/tty
, or stdin/stdout/stderr if the OS doesn't support it, and uses it to read and write directly to the user.
If it doesn't have to be portable, e.g. when using use Bash on Linux or FreeBSD, you can simplify and improve this:
if ! IFS= read -rs -p "Enter password: " password < /dev/tty 2> /dev/tty
then
echo "Password entry failed"
exit 1
fi