A basic binary compare is a linear operation which is dangerous when comparing password hashes. If I wanted to know the hash of the users password I just need to look at how fast the comparison is failing and tweak my hash accordingly. 

This technique has been used successfully in many well known attacks and code to compare password hashes like this is widely used across the Internet.

In order to properly mitigate this attack you need to create a non linear string comparison. 

In the example below we are XORing the strings against each other and then adding them up. When you XOR a value against itself it will return you with a 0. When we add the list up any positive value is wrong (it failed our XOR).