This is an example application of a technique mentioned in the 'Challenge Hash' article at www.edesign.nl.
A simple login box:
Username = edesign
Password = secret
No login attempt yet...
Notice when you are 'logged in' and you refresh the page, re-logging in, it'll probably fail because the challenge string has been renewed.
Download the source of this page