A better way
"When you do a string compare to check a password, for example, to make it efficient you usually start with the first character and work through in sequence. If you hit a wrong character you throw it out. By measuring the time taken to do the check, a side-channel scan can identify which characters have been accepted. So you can protect the password by not checking it in sequence"
Surely a simpler and cleaner way to do this is to always check all of the characters in the password, failing at the end if any characters were wrong. That way the test always takes the same time (for a given length of password) and no information is available from timing..