Observation is one of the principal means of compromise of authentication methods relying on secret information such as PINs and login/password combinations. Attackers can gather this information via observation, either from without by methods such as shoulder surfing and camera-based ATM skimmers, or from within by methods such as keystroke loggers and button-overlay-based ATM skimmers. Though these vulnerabilities of PIN/password based authentication mechanisms are well known, they have been difficult to correct due to the prevalence and general acceptance of such systems -- they are used in essentially all ATMs, mobile device locking mechanisms, and most web-based authentication schemes. It is difficult to avoid at least the occasional use of untrusted public terminals and devices and the unlocking of one's mobile device in public. We therefore present our research into devices and techniques for mitigating the threat of credential compromise when doing so. These include haptic and auditory mechanisms for password entry into public terminals, mobile device tools for turning one's mobile device into an observation-resistant password entry system, and strategies and tools for secure password entry in the presence of keyloggers and other input recording devices. These techniques can successfully evade observation even when one does not have administrative control of the terminal, as in the case of internet cafe computers and public ATMs.