They normally don’t. The extra time is added to make it take longer for someone trying to guess a password to succeed. Sometimes the time will even get longer the more wrong guesses you make.

I have found just the opposite. A wrong password is instantly rejected by the first security check. The correct password opens the gate, the program launches, data begins to download. It’s like a club: the bouncer knows instantly that you’re not the type he’s supposed to let in. If you’re okay, he double-checks to make sure he is making the right decision, and grudgingly lets you pass. And even then, it takes a while to get to the bar.

To slow down people who are trying to guess the password over and over again.

Sometimes the delay gets absurdly long when there are a lot of wrong guesses, or worse. There has to be a penalty for wrong password guessing to discourage this sort of thing.

When this occurs it’s happening deliberately. There’s nothing specific about a right vs wrong password that would take different amounts of time.

A delay is often deliberately programmed into the password prompt to slow down brute forcing attempts. In others to prevent hackers from trying thousands of passwords a second.