
In Citizenfour, we saw Snowden use the following head blanket:


This doesn't look like a reasonable solution for casual situations, but it makes me wonder - what is the state of the art on reading keystrokes based on vision? Is there any research on an automated system that would read the keystrokes and, in case of an imperfect read, maybe match them against dictionary words? How reliable could such a system be and what technical limitations would it have?

d33tah

1 Answer


Any camera that is able to capture images at a good frame rate would make his password visible when the video is reproduced in slow motion.

As you say about passwords being matched in a wordlist, it would not be so effective, since passwords can be (and should be!) random strings mixed with numbers and other special chars.

But, even if some of them are not completely visible, you can use, for example, in the case of a hash recovery, an attack called a mask attack.

Hashcat and John the Ripper, for example, have this kind of attack implemented. It works by you giving a mask, for example:

potato?d?d?d?d

It means: try potato + ALL combinations of numbers (?d), from 0 to 9. Since there are 4 occurrences of ?d, it will try all from potato0000 to potato9999.

OPSXCQ
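The mask from the answer above, expanded in Python as an added example (not code from the answer, Hashcat or John the Ripper): it parses the built-in placeholders ?l ?u ?d ?s ?a and compares the search space left by a partly observed password with that of a fully unknown one. The function names are illustrative, and the plain lexicographic enumeration order is an assumption, not necessarily the order either tool uses.

```python
import itertools
import string

# Built-in mask placeholders as documented for hashcat (?l ?u ?d ?s ?a).
CHARSETS = {
    "l": string.ascii_lowercase,
    "u": string.ascii_uppercase,
    "d": string.digits,
    "s": " " + string.punctuation,   # space plus 32 printable specials
}
CHARSETS["a"] = CHARSETS["l"] + CHARSETS["u"] + CHARSETS["d"] + CHARSETS["s"]


def parse_mask(mask):
    """Return one alphabet per position; literal characters become 1-char alphabets."""
    positions, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            positions.append(mask[i])        # known character
            i += 1
            continue
        if i + 1 >= len(mask):
            raise ValueError("dangling '?' at end of mask")
        key = mask[i + 1]
        if key == "?":
            positions.append("?")            # '??' is a literal question mark
        elif key in CHARSETS:
            positions.append(CHARSETS[key])
        else:
            raise ValueError(f"unknown placeholder ?{key}")
        i += 2
    return positions


def keyspace(mask):
    """Number of candidates the mask describes."""
    total = 1
    for alphabet in parse_mask(mask):
        total *= len(alphabet)
    return total


def candidates(mask):
    """Lazily yield every candidate, rightmost position changing fastest."""
    for combo in itertools.product(*parse_mask(mask)):
        yield "".join(combo)


if __name__ == "__main__":
    # Six observed characters plus four unseen digits vs. ten unseen characters.
    print("potato?d?d?d?d:", keyspace("potato?d?d?d?d"))
    print("ten unknown printable characters:", keyspace("?a" * 10))
```
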