What if when you made a password you could declare three characters that were FAKE?

!

So the system would record your last password entry as well as your actual password, and compare the two.
So let's say your password was methaisbuttabcbutt, and you declared the abc as fake.
The next time you logged in you could type methaisbuttfffbutt, and that would grant entry.
Or methaisbuttzzzbutt, and that would grant entry.
But if you typed methaisbuttabcbutt, it would NOT grant entry, because it was the same as the last entry.

You would also need to have a basic lockout function after X attempts, of course, where X > 1 and X << let's say 100 (or a metric square buttload). This would totally work, folks.

Universal surveillance.