The linked paper says 5.7 bits of password entropy can be recovered by timing data; while the brute-force time will have changed in 22 years, this number should still be valid. An easy workaround is to use a password manager (a plain file as a minimum) and to copy/paste passwords in - though that might violate other security preferences.