Could keystroke timing improve security on a password?

The term you are looking for is "keystroke dynamics" or "keystroke biometrics" and is an interesting and growing field.

The idea is that an individual types certain keys in a certain way that does not change much over time. If you can map those dynamics, then you could, potentially, do away with passwords altogether and simply get the user to type anything.


I think it would be very, very annoying to legitimate users of your application or website. Things like a broken finger, or just holding a sandwich in one hand, would make your login unusable. Additionally, you should encourage the use of password managers, which will either send keystrokes extremely quickly, or will not send keystrokes at all. Your scheme would probably prevent even the best password managers from working.


There's some good, some bad, and some REALLY ugly in here.

The Good
It increases a password's entropy and makes it harder to brute-force.

The Bad
It is based on something that can be audibly recorded and timed, and it needs fault tolerances, meaning something only has to be close enough to render this moot.

The REALLY ugly
People change over time. For a multitude of reasons (injury, age, forgetting how the pattern goes) they may no longer be able to enter it at that same exact speed and frequency, or within tolerances, anymore, and then it actually harms a user's ability to use the service.

So while it is a cool idea and an interesting field, it's really nothing more than entropy on the password that is hard for a human to maintain. Worse yet, it's easy to recreate the pattern with machines. It will make it harder to hack without prior knowledge of the person or pattern, but it could also worsen a user's experience with your service over time and make it easier to gather local information about the password entropy.
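An added example, not part of any of the answers above, that makes the trade-off in the second and third answers concrete: a toy keystroke-dynamics verifier that enrolls a user from a few typings of the same password, stores the mean and standard deviation of each inter-key latency, and accepts a login attempt when its latencies fall within a tolerance band. All timestamps are constructed, and the tolerance and outlier thresholds are arbitrary choices for illustration.

```python
from statistics import mean, pstdev

# Constructed enrollment samples: key-press timestamps (ms) for one 5-key
# password typed three times by the legitimate user.
ENROLL_SAMPLES = [
    [0, 120, 250, 340, 500],
    [0, 130, 240, 350, 490],
    [0, 110, 260, 330, 510],
]

def intervals(timestamps_ms):
    """Inter-key latencies between consecutive key presses."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]

def enroll(samples, min_sd=5.0):
    """Build a template: (mean, std-dev) of each latency across the samples.
    min_sd floors the spread so a very consistent typist is not locked out
    by normal jitter later."""
    latencies = [intervals(s) for s in samples]
    n = len(latencies[0])
    if any(len(lat) != n for lat in latencies):
        raise ValueError("all enrollment samples must have the same key count")
    return [(mean(col), max(pstdev(col), min_sd)) for col in zip(*latencies)]

def verify(template, attempt, tolerance=2.0, max_outliers=1):
    """Accept when at most max_outliers latencies lie more than `tolerance`
    standard deviations from the enrolled mean. Widening the tolerance admits
    an injured or tired user, but also admits anyone whose timing is merely
    'close enough'."""
    lat = intervals(attempt)
    if len(lat) != len(template):
        return False
    outliers = sum(1 for (mu, sd), x in zip(template, lat)
                   if abs(x - mu) > tolerance * sd)
    return outliers <= max_outliers

TEMPLATE = enroll(ENROLL_SAMPLES)

# Constructed login attempts illustrating the answers' points.
GENUINE = [0, 125, 260, 345, 505]          # same user, normal day
PASSWORD_MANAGER = [0, 1, 2, 3, 4]         # autotype: ~1 ms between keys
INJURED_USER = [0, 190, 400, 540, 800]     # same rhythm, ~60% slower
REPLAYED_RHYTHM = [0, 115, 255, 340, 495]  # pattern reproduced within tolerance

if __name__ == "__main__":
    cases = [("genuine", GENUINE), ("password manager", PASSWORD_MANAGER),
             ("injured user", INJURED_USER), ("replayed rhythm", REPLAYED_RHYTHM)]
    for name, attempt in cases:
        verdict = "accepted" if verify(TEMPLATE, attempt) else "rejected"
        print(f"{name:17s} -> {verdict}")
```

Raising `tolerance` until the injured user is accepted again also widens the band that a reproduced rhythm has to land in, which is the fault-tolerance problem the third answer describes.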
