Using the authenticate method would probably work in your case:
public static boolean authenticate(IContext context,
IUser user,
java.lang.String password)
throws CoreException
To prevent brute force attacks you could try to implement one of the the ReCaptcha widgets from the appstore