1 comment

[ 27.7 ms ] story [ 772 ms ] thread
Probably the strong/weak indicator. Maybe it should be done client side in javascript. It might be possible to narrow the range of likely passwords by analysing the timings of the requests.