Yes. Add a "styleClass" attribute to the control and make its value be an EL expression based on whether the password is right, empty, or wrong.
Although actually telling someone that their password specifically is wrong is considered bad security practice if the password is being combined with other security tokens such as userIDs. In such cases, the recommended response is simply to indicate that one or more of the tokens is invalid. Otherwise, hackers know which tokens they have that work and don't need to do as much work to find the values of the remaining tokens.
Customer surveys are for companies who didn't pay proper attention to begin with.
when you keep a secret, the less information you give is the better, if you say "you password is wrong" at the same time the hacker says "ahh but the username is correct!" , then he just have to find the right password not both, or he can use this info that you leaked to find more usernames. For this reason is better just to say "Username or password incorrect"