We use ldap auth (so accounts are created on demand after a successful login). When an existing user fails to login in it shows up in people/logs/. However, if a user has never logged in successfully before there is no entry in people/logs/. If one digs around on the server there is an access log entry:
[Thu, 07 Jan 2016 10:19:30 -0500] 6876 hostname.example.org 10.2.1.74 - PhabricatorAuthLoginController - /auth/login/ldap%3Aself/ - 200 253854
But that doesn't show which username was used either. As an administrator I can't tell (from phabricator) if the user is using the wrong username, the wrong password, or is so confused they were trying to log into something else and just blamed phabricator. If someone was trying to login as non-existant accounts like admin,root,etc it might be useful to surface that.