You could brute force all possible changes but that could take quite a while for longer passwords, you probably don't want to do that in production on every login.