Re: Local access and you get ever so much!
> If they could monitor the server's traffic they could see the pauses directly.
Which is a much bigger hole than this one. Even someone *listening* to your typing can attack this way.
Solution: use a password manager for all your passwords. Then you paste them in one big splurge, with no gaps. This is an easy and comprehensive solution, and of course lets you use strong random passwords too.
Using RSA/EC private key authentication for ssh helps too - but you're still going to end up typing some passwords over ssh sessions (e.g. sudo password)