[GekkePrutser]

Just wanted to add that this is generally referred to as the "Evil Maid" scenario in case someone wants to Google it.

It can be mitigated somewhat with secure boot, tpm technologies etc but due to the breadth of possible attacks it's really hard to do against a serious attacker.

Even the sound of the keyboard is often enough to give your password away.

[jkepler]

Or encrypt the boot partition. Libreboot supports this.

(Though to be fair, Libreboot only runs on a very limited number of old devices).

[mikepurvis]

No amount of software complexity defeats a hardware keylogger, though... or like, a no-touch version of that, such as a spycam in the room that records the sight and sound of you typing your password.

[vbezhenar]

Security token defeats all that.

[markenqualitaet]

And glitter nail polish :)