Roaming users who use untrusted machines to access password protected accounts have few good options. An internet cafe machine can easily be running a keylogger. The roaming user has no reliable way of determining whether it is safe, and has no alternative to typing the password. We describe a simple trick the user can employ that is entirely effective in concealing the password.