If one can't enter it spontaneously, one can't enter it, period. They must be capable of entering it whenever is needed, otherwise it's pointless, isn't it? What I mean is that the guy who knows the password, must be capable of repeating the right movements. He can't tell what the password is, but he can repeat the movements, and you can record such movements, and repeat them yourself afterward. The only problem is only if you use non-standard keyboards each time, making it harder to learn to repeat said movements, since you miss the hardware, but it isn't an impossible obstacle.
You need the appropriate equipment, but it's definitely possible to extort it from human beings.
Even in the paper, they don't directly address this. If you can record the movements of the password holder, and you have access to a device with the same structure (even only the external structure, as that is all you need to get the required feedback), you can learn the password. You just need to ask the subject to repeat multiple times the password, record it multiple times to see if there are any differences (if there aren't, you can be sure that it is a sequence he knows, not something he is making up on the spot), and go with the most consistent one.
It only works against conventional measures not ones thought specifically for this method.
You need the appropriate equipment, but it's definitely possible to extort it from human beings.
Even in the paper, they don't directly address this. If you can record the movements of the password holder, and you have access to a device with the same structure (even only the external structure, as that is all you need to get the required feedback), you can learn the password. You just need to ask the subject to repeat multiple times the password, record it multiple times to see if there are any differences (if there aren't, you can be sure that it is a sequence he knows, not something he is making up on the spot), and go with the most consistent one.
It only works against conventional measures not ones thought specifically for this method.