Authentication Security mechanism shouldn't be triggered by empty username

When the authentication is performed with an empty username it's possible that it triggers the security mechanism: this might lead in some edge cases to the systematic display of CAPTCHA. We should never trigger the security mechanism for empty logins.