[eluser]TheFuzzy0ne[/eluser]
I agree. The solution will work. Fields should be validated individually, although custom callbacks can use other post fields, even though they are still only validating one thing.
I'd like to point out, however, that technically, logging in is not validation. I have my auth library do that for me, and my validation callbacks link to my auth library, which does allows me to check if the username is valid, and if the password matches.