Abstract

As warm-blooded mammals, humans routinely leave thermal residue on various objects with which they come in contact. This includes common input devices, such as keyboards, that are used for entering (among other things) secret information: passwords and PINs. Although thermal residue dissipates over time, there is always a certain time window during which thermal energy readings can be harvested from input devices to recover recently entered, and potentially sensitive, information. To date, there has been no systematic investigation of thermal profiles of keyboards, and thus no efforts have been made to secure them. This is the main motivation for designing Thermanator -- a framework for password harvesting from keyboard thermal emanations. In this talk, we introduce Thermanator and show that several popular keyboards by different manufacturers are vulnerable to thermal side-channel attacks. Thermanator allows us to correctly determine entire passwords tens of seconds after entry, as well as greatly reduce the password search space. The latter is effective even as late as 60 seconds after password entry. Furthermore, we show that thermal side-channel attacks work from as far as several feet away. Our results are based on extensive experiments conducted with a multitude of subjects using several common keyboards and many representative passwords. We demonstrate thermal side-channel attacks using a thermal (FLIR) camera. We also describe a very realistic "Coffee-Break Attack" that allows the adversary to surreptitiously capture a victim's password via the thermal side-channel in a realistic multi-user office setting or in a public space.

Papers

Slides