Thank you Peter, that is much appreciated!
About the challenge regarding “how wrong is too wrong?”, or “how close is close enough?,” you are right that such questions are not easily answered.
Another option is to use a scale that the website administrator can set from “least likely typing mistakes” to “most likely typing mistakes” but this would require a model with knowledge about which typing mistakes were more likely to happen than others.
But I believe that in most cases, site administrators would be happy to have at least some leeway there. Even if the algorithm would not work perfectly and generated username mistypes that rarely occurred in real life, this would still be a security improvement over completely disabling the feature.
