[rexreed]

Long passwords with repeated characters are the easiest defeat on this "attack". A simple camera that records the actual keypresses is a much more sensical attack. After all, if you can present a thermal camera to the keypad, you can present an actual camera. Why use heat residue to "guess" keypresses with an 80-ish% accuracy rate at best, when you can record the actual keypresses, in the right order, including repeated characters with a much higher accuracy rate? The only possible use for this "attack" is for analyzing residual heat with a handheld thermal camera after the person is gone, but as mentioned, long passwords with repeated keypresses is the defeat as is simply holding your hand on the keyboard after the password is entered. If you can protect against a visual camera then that's more important.

[SketchySeaBeast]

Now we need a palindromic equivalent to "correct horse battery staple".

[layer8]

It already has four Rs, four Es, four Ts, and two As and Os. I think it’s fine.

[rexreed]

Well if you mean Anagram, here's one that works: "CYBERATHLETES REPORT ACTORS"

[SketchySeaBeast]

No, I meant palindrome, so that you end up repeating the same letters with little increase in memorization complexity, but that works too - throw together a few anagrams and you're golden.

[rexreed]

My favorite palindrome is "A man, a plan, a canal, Panama". Supposedly a reference to former US president Theodore Roosevelt and his quest for the Panama canal.

[lowercased]

"Put Eliot's toilet up" has stuck with me for years. As has 'I know a fat man called Ella C Namtafawonki'.