If someone inserts a physical dongle between your keyboard plug and the computer directly (ie. an inline connection) such a device would be almost imperceptible and would evade physical and software detection.
However, if you have software running on your computer, it can detect keyboard API events sent by the keyboard driver OR the interface -also detect mouse events and the timing between events.

(Keypress timing data is a key tool in user identification)
Also many programs can take on screen snapshots a pre-programmed intervals with varying frequency -ie tied to how fast you type, activity/inactivity, whole screen or just active window)
With enough data on you, they would be able reduce a million password possibilities to a few probabilities.