Except you don't have to. Just start typing your password.

Yes, that’s why it’s a bad implementation of a good idea.

Even if you had to, it's still a bad idea. Ctrl+Alt+Delete works, because no normal Win32 app can intercept this - so if you do it, and you see a login box, you know that this is the real thing.

But any app can go fullscreen and draw a fake login screen that you can swipe up to show a fake login form.