diff --git a/auth.py b/auth.py
index 07cf91af..317ca0bb 100644
--- a/auth.py
+++ b/auth.py
@@ -10,6 +10,7 @@ import base64
 import hashlib
 import binascii
 import os
+import secrets
 def hashPassword(password: str) -> str:
@@ -32,6 +33,7 @@ def getPasswordHash(salt: str, providedPassword: str) -> str:
 100000)
 return binascii.hexlify(pwdhash).decode('ascii')
+
 def verifyPassword(storedPassword: str, providedPassword: str) -> bool:
 """Verify a stored password against one provided by user
 """
@@ -54,6 +56,10 @@ def verifyPassword(storedPassword: str, providedPassword: str) -> bool:
 for ch in pwHash:
 if ch != storedPassword[ctr]:
 matched = False
+ else:
+ # this is to make the timing more even
+ # and not provide clues
+ matched = matched
 ctr += 1
 return matched
diff --git a/tests.py b/tests.py
index 7c5c2865..127d0c79 100644
--- a/tests.py
+++ b/tests.py
@@ -2084,6 +2084,7 @@ def testTranslations():
 print(englishStr + ' is missing from ' + lang + '.json')
 assert langJson.get(englishStr)
+
 def runAllTests():
 print('Running tests...')
 testTranslations()
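Review bot: The added `else: matched = matched` branch in verifyPassword does not make the comparison constant-time: the interpreter still evaluates `ch != storedPassword[ctr]` and takes a data-dependent branch on each character, so the hunk only documents a timing fix it does not deliver. The `secrets` module this commit imports in the first hunk (and otherwise never uses in the diff) already provides the real primitive; replace the whole character loop with `return secrets.compare_digest(pwHash, storedPassword)` (equivalently `hmac.compare_digest`), which also avoids the `IndexError` that `storedPassword[ctr]` raises when the stored value is shorter than `pwHash`. Note that `compare_digest` on `str` arguments requires both to be ASCII, which the hexlified `pwHash` is; if the stored value can contain non-ASCII, encode both sides to bytes first. verifyPassword's body begins before this hunk, so how `pwHash`, `ctr` and `matched` are initialised is not visible here and should be checked when the loop is removed.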