Sometimes a user will enter their password in the userid field and this is sent to security for validation and rejected as an invalid userid. Subsequent successful signon also shows in the log. This is a potential security breach since these messages are all now visible to anyone reviewing the log.
User may type their userid and press enter instead of tabbing to password field. Signon is rejected. They continue by typing their password without realizing that they are back in the userid field, press enter and this is also sent to security. Signon again rejected.
Since there is no way to control what a user may type into a field, the workaround is to avoid having the security messages with visible password showing up in any logs.
You may also consider restricting who may view the TPX started task logs and the syslog.