According to a forthcoming conference paper by some Berkeley researchers, a ten-minute audio recording of a someone typing text on a standard computer keyboard can be analysed to recover up to 96% of the text typed. Works for passwords too, since you ask. For a plain-English explanation of how it’s done, see here.