A potential workaround is N randomly generated characters . So the screen prompts typing in those random characters and asks the user to insert password letters at random intervals. tr#fdawdftjs (in that case the password was farts and the random stream/intervals were generated by the noises in my head). There are attacks on this based on repetition, potential sound differences in chosen letters, and bad or compromised RNGs. The ratio of noise to filler matters.