Assuming the login page consists of username and password fields, the testing starts with various combinations of the same like incorrect username & correct password, correct username & incorrect password etc. and we can do GUI, security and ofcouse the Functional Testing on the same.
But is there any special intention for you to ask this basic question?
You can consider as many negative test cases as your schedule and budget provides you.
Try and find out how many validation has been incorporated in the login functionality and make your test cases according to that.
Apart from that you can also consider the encryption methodology used in coding....i.e. ROT13 or something else