Passwords are memorized secrets that can be lost, stolen or shared. For this reason, it is utterly impossible to identity for a fact who is authenticating with a username and a password.
To that effect, passwords only reach the lowest level of identity assurance per the NIST 800-63-3 guidelines, or IAL1. In other words, leveraging a password infers that no user identity evidence is collected in the process.