"On some login systems, the computer will check password characters one at a time, and kick back a "login failed" message as soon as it spots a bad character in the password."
If you do almost any sort of reasonable hashing or encryption algorthm on a password, this becomes a moot point, since the place that fails to match in the string will change. Are there still sites out there that don't do this? Really?
It is a little hard to picture, but think of it like this:
You're opponent goes in the past and kills your troops. In the present, suddenly, your troops start disappearing. You look down at the bottom of the screen and see your opponent screwing around in the past (it shows you where they currently are in time.) So you send some of your troops back to stop his attack. It is rather complex, but they make it work remarkably well.
You can even send a troop back in time to team up with itself.
1 1 was a race-horse, 2 2 was 1 2. When 1 1 1 1 race, 2 2 1 1 2.