Comparing inputs, secrets or tokens with the == operator is vulnerable to timing attacks: the comparison returns as soon as the first differing byte is found, so the time it takes leaks how much of the supplied value matched the secret.
# Vulnerable: == short-circuits on the first mismatching character
if password == "SUPER_SECRET":
    proceed()
# Vulnerable: the same problem when comparing against a stored hash
if password == hash:
    proceed()
- The plugin will recommend the Compare Digest Fixer.
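As an added example (not code from this page or from the plugin's fixer), the flagged == check beside constant-time replacements built on hmac.compare_digest; the token value and the function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac

# Constructed sample secret for this example; real deployments load it
# from a secret store or the environment, never from source code.
EXPECTED_TOKEN = "SUPER_SECRET"


def verify_token_vulnerable(presented: str) -> bool:
    """The pattern flagged above: == stops at the first differing byte,
    so response time correlates with the length of the matching prefix."""
    return presented == EXPECTED_TOKEN


def digest(value: str) -> bytes:
    """Fixed-length (32-byte) SHA-256 digest of a UTF-8 string. Used only to
    normalise lengths for comparison; a stored password hash should still
    come from a slow KDF such as scrypt or argon2."""
    return hashlib.sha256(value.encode("utf-8")).digest()


def verify_token(presented: str, expected: str = EXPECTED_TOKEN) -> bool:
    """Constant-time replacement for `password == "SUPER_SECRET"`.

    Both sides are hashed before hmac.compare_digest so that:
      * the buffers always have equal length, so a length mismatch
        cannot short-circuit or reveal the secret's length;
      * non-ASCII input cannot trigger compare_digest's TypeError for
        str arguments (it accepts only ASCII str or bytes-like objects).
    """
    if not isinstance(presented, str):
        return False
    return hmac.compare_digest(digest(presented), digest(expected))


def verify_hash(presented_hash: bytes, stored_hash: bytes) -> bool:
    """Constant-time replacement for `password == hash` when both values
    are already digests of the same algorithm (hence equal length)."""
    if not isinstance(presented_hash, bytes) or not isinstance(stored_hash, bytes):
        return False
    return hmac.compare_digest(presented_hash, stored_hash)
```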
Developer security best practices: protecting against timing attacks