This is my small experiment of Covert Timing Channel attack using the simple example there.

• You may not want to try your real passwords although it's safe to do so ;)
• The last character is harder to guess by timing channel - not a surprise. Fortunately it's not needed there.
• Longer passwords are always safer.
• As of the time of writing, this attack doesn't work on Mozilla Firefox browser for it reduces time measurement precision by default. Good job Firefox!