# PW100

Matching inputs, secrets or tokens using the == operator is vulnerable to timing attacks.

## Example

```python
if password == "SUPER_SECRET": 
  proceed()
```

```python
if password == hash:
  proceed()
```

## Quick Fixes

* Plugin will recommend [Compare Digest Fixer](../fixes/comparedigestfixer.md).

## See Also

[Developer security best practices: protecting against timing attacks](https://blog.sqreen.com/developer-security-best-practices-protecting-against-timing-attacks/)