Recently I ran across a unique way of authenticating users in PL/SQL applications. Usually when I create a PL/SQL application which requires authentication, I end up using the default DAD (data access descriptor) authentication method. I've gotten sick of the pop-up username/password prompt and I wanted to create custom log in pages like I do for my JSF apps. This newly found authentication mechanism allows me to do so.
Take a look at the link asktom.com Q&A ... of course it is from asktom.oracle.com. It describes the methodology that Oracle uses for "retaining" user passwords and how you can create a log in screen which accepts the defacto username/password and then use a stored procedure to check the validity of the user.
It is worth a look if you'd like to do away with the DAD authenication.