You shouldn't be using a ModelForm for this: they are for creating new instances or editing existing ones. Another problem is that passwords are stored in hashed form in the database, so the password entered in the form would not match the version in the db.
There is an AuthenticationForm in django.contrib.auth that you should use which takes care of all this.