diff --git a/news/6489.bugfix b/news/6489.bugfix
new file mode 100644
index 00000000000..a5eb4f9c1ee
--- /dev/null
+++ b/news/6489.bugfix
@@ -0,0 +1 @@
+Hide passwords in output when using ``--find-links``.
diff --git a/src/pip/_internal/index.py b/src/pip/_internal/index.py
index b524c060529..8ee5c317efe 100644
--- a/src/pip/_internal/index.py
+++ b/src/pip/_internal/index.py
@@ -663,7 +663,8 @@ def get_formatted_locations(self):
 )
 if self.find_links:
 lines.append(
- "Looking in links: {}".format(", ".join(self.find_links))
+ "Looking in links: {}".format(", ".join(
+ redact_password_from_url(url) for url in self.find_links))
 )
 return "\n".join(lines)
diff --git a/tests/unit/test_index.py b/tests/unit/test_index.py
index ac1e45073d3..d75bb6c2a5b 100644
--- a/tests/unit/test_index.py
+++ b/tests/unit/test_index.py
@@ -183,14 +183,18 @@ def test_get_formatted_locations_basic_auth():
 """
 index_urls = [
 'https://pypi.org/simple',
- 'https://user:pass@repo.domain.com',
+ 'https://repo-user:repo-pass@repo.domain.com',
 ]
- finder = PackageFinder.create([], index_urls, session=[])
+ find_links = [
+ 'https://links-user:links-pass@page.domain.com'
+ ]
+ finder = PackageFinder.create(find_links, index_urls, session=[])
 result = finder.get_formatted_locations()
- assert 'user' in result
- assert '****' in result
- assert 'pass' not in result
+ assert 'repo-user:****@repo.domain.com' in result
+ assert 'repo-pass' not in result
+ assert 'links-user:****@page.domain.com' in result
+ assert 'links-pass' not in result
 @pytest.mark.parametrize(
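Review bot: In src/pip/_internal/index.py every `self.find_links` entry now passes through `redact_password_from_url`, but `--find-links` also accepts local directories and file paths, and the helper is defined outside this diff, so its handling of non-URL strings cannot be checked here. If it splits and reassembles the value, a local path could be printed differently from what the user supplied, so it is worth confirming that such entries come back unchanged. A one-line comment above the generator would record the assumption, for example `# find_links may hold local paths; redact_password_from_url must return them unchanged`. The body of get_formatted_locations starts outside the hunk.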
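Review bot: In tests/unit/test_index.py the new assertions cover only the `user:password@host` form, so a find-links URL that carries a token in the user part with no password is untested. Judging by its name, `redact_password_from_url` would leave that token in the "Looking in links" output, though the helper is not visible here. Add an entry such as `'https://links-token@page.domain.com'` (a constructed example) to `find_links` and assert the expected output, so the intended handling of token-only credentials is pinned down. A find-links entry that is a plain local path would be a useful second case. The test function starts outside the hunk.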