" ...and take appropriate action without revealing information about the password to the potential attacker?"
You might be making an assumption that is not (or should not be) true, which is the system knows the plaintext password, or how the specific user constructs their passwords.
For a correctly working password system the only information the system should know is,
`if the current password guess matches or not`
It's the fundemental idea behind the original *nix password system, which many modern password systems appear to have forgoten in order to get "more security" (to prevent users re-using passwords etc).
Ignoring for a moment this and Rogers (@9:21PM) other major point about storage of the "attempts".
What you are looking for is a (Delphinic) oracal combined with a Turing test.
Both are problems that Hard AI has not solved and arguably cannot solve without the use of quantum computing (see info on Roger Penrose and his search for Quantum structures in the Human Mind).
This only leaves a statistical analysis of the "supposed user" input.
Thus the question falls back to what you are trying to do,
1, Help the user remember.
2, Help the user guess
In the first case you can model human behaviour on past experiance in the "general" or "specific" case. The "specific" case would reveal meta knowledge of the user and thus their password which would aid an attacker. The "general" is unlikley to be of help as it would only do what the attacker should be doing anyway which is to guess the password.
The second case of guessing can be reworded as,
How do you work towards an "unknown" from a zero knowledge postion.
Which is a more restricted case of the problem cryptographers face when faced with a new cryptogram.
To which the answer should be `only by brut force search or random guess'.
Thus anything else does reveal something about the password or the user of the password. Both of which in theory (and practice) will help an attacker get the actual password.