What we can't yet know is whether it's a database passowrd and which DBMS, what operating system it runs on, what user interface it is meant to run on, or whether its a website login. Whether the option for bew user registration needs to be available. Whether the program has to validate the username and password or just return it unvalidated. If yes, then how it should react to failed logons. All of these factors and an infinity of other possibilities would change what the program has to do and therefore what has to be written.
^M Free your mind!