I guess one way to look at it is that any user input can be considered non-deterministic since people make mistakes, like a typo or forgetting which password they used. So even though the credential validation is deterministic, the user entry is not.