My inclination is to ask 'why bother with passwords'?
If you have a user table which contains their Windows Login ID (NOT their Windows password), when they try to open the db, use fosUserName() (search for this simple function) and to keep it simple, DLookup the table for that value. If it isn't found, they don't get in.
If you're really so into passwords, then don't show them all the table values. Your form must have a user name field, no? Restrict the view to the password record for that user and don't have navigation controls on the form. Base the form on an updatable query, not the table, and filter the query via the login form user name. I stopped using login passwords long ago and nobody could get in if they weren't in the table. Of course, I had to make sure they couldn't access the tables, but that's another topic.
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.