diff --git a/messages/display.json b/messages/display.json
index f4f77ffc..9f666160 100644
--- a/messages/display.json
+++ b/messages/display.json
@@ -2,5 +2,6 @@
   "description": "displays information about a user of a scratch org\nOutput includes the profile name, org ID, access token, instance URL, login URL, and alias if applicable.",
   "examples": ["sfdx force:user:display", "sfdx force:user:display -u me@my.org --json"],
   "accessTokenError": "This command doesn't accept an access token for a username.",
-  "accessTokenAction": "Specify a username or an alias."
+  "accessTokenAction": "Specify a username or an alias.",
+  "securityWarning": "This command will expose sensitive information that allows for subsequent activity using your current authenticated session.\nSharing this information is equivalent to logging someone in under the current credential, resulting in unintended access and escalation of privilege.\nFor additional information, please review the authorization section of the https://developer.salesforce.com/docs/atlas.en-us.234.0.sfdx_dev.meta/sfdx_dev/sfdx_dev_auth_web_flow.htm"
 }
diff --git a/src/commands/force/user/display.ts b/src/commands/force/user/display.ts
index d24fc3d6..8441b5ce 100644
--- a/src/commands/force/user/display.ts
+++ b/src/commands/force/user/display.ts
@@ -97,6 +97,8 @@ export class UserDisplayCommand extends SfdxCommand {
       result.password = userAuthData.password;
     }
 
+    this.ux.warn(messages.getMessage('securityWarning'));
+    this.ux.log('');
     this.print(result);
 
     return result;