diff --git a/src/user/password.js b/src/user/password.js
index d644fd2e8f..bf39d029d0 100644
--- a/src/user/password.js
+++ b/src/user/password.js
@@ -33,7 +33,16 @@ module.exports = function (User) {
 			function (next) {
 				Password.compare(password, hashedPassword, next);
 			},
-		], callback);
+		], function (err, ok) {
+			if (err) {
+				return callback(err);
+			}
+
+			// Delay return for incorrect current password
+			setTimeout(function () {
+				callback(null, ok);
+			}, ok ? 0 : 2500);
+		});
 	};
 
 	User.hasPassword = function (uid, callback) {