A few days ago I was able to get my fingers on, and under, an infrared camera. I had already heard before that the thermal signature of fingerprints is visible for quite some time — but what surprised me was that we were still able to see them for over a minute…
My brother in law was taking a few photos with a thermal imager (a Fluke Ti400) for a publication and was kind enough to also take a few pictures for me. I wanted to see how sensitive the camera is by testing it with an unused number pad I had lying around. We did not have much time, so the following series of pictures were taken without any preparation, free hand, with a cheap numeric pad on a sheet of paper. They were taken at room temperature (around 20°C; all temperatures are in degree Celsius). In the photos the hottest and coldest spots are highlighted. A red-green-blue gradient resembles the temperature distribution in each photo (and differs between them, just in case you’re wondering).
Right after entering the four numbers the thermal signature (my fingerprints) were clearly visible. The correct sequence itself (1-5-6-9) is not really readable on the image. But already having the four digits reduces the number of possible combinations (here: 4! = 24) someone would have to try out to find the correct combination.
Conclusion: I always try to shield my hand when entering my PIN at an ATM or at any other occasion someone might look over my shoulder. The photos I’ve taken clearly show that this precaution the might not be sufficient in the future. Smartphone attachments (like the FLIR ONE) exist that might be used right after you’ve entered your PIN. I think you are still pretty safe, at least on ATMs, as most of them only allow a limited (three) number of retries. But in case of access codes on doors (home, hotel, …) that might be different.