At that point, it gets a little silly honestly. If you can modify the login page to have a login form, then you can also modify it to bypass any type of security system you could ever dream up. The GP here seems to want the support forum to have an independent password. Even if they did that, if we're completely changing the login form, you could change it to say "due to new security features, you now log into our forum using your master password, please enter it below". So exactly what is it that they should do, and how would that be more secure than what they're doing now?