Recent post on a usability list, about security when entering username/passowrds: “Actually, in our limited testing so far, any user data entry errors have been immediately and easily resolved by the user without help (other than the error message). What I see happen in testing is: (for example) a user enters a wrong number or password, they read the “error” message explaining the entered information was incorrect, the user re-enters correct information (carefully) and gains entry.”
Unless you are working from a Windows laptop that was previously connected to an extra keyboard and are now typing from the laptop keyboard (a typical scenario when logging in after taking your laptop away from the base station). In that case, you have to press a well hidden key combination or your keyboard will not function correctly: certain letters will show up as numbers. I was logged out from our network like this, on a Saturday. Worse than the caps lock key. One idea: if people misstype their password, give them an additional textfield to check their keyboard entry with their password, and explain how to fix keyboard problems. Like “Using a laptop? Type your password here (it will show up on the screen) to check your keyboard settings – they may change if you have unplugged an external keyboard recently or pressed the CAPS-LOCK key.” (and include how to fix it) This may be overkill though – I have no idea.