the authenticate user behavior doesn't save the user name and password on login, by default it will only save the userID on login success, but you aren't asking about login success you are asking about login failure.
since you want to maintain the user name and / or password in the form if login fails but one of them where correct, you need to lookup whether they where correct using a recordset, then save into a session variable.