That person would need to be able to see the system/User object so it can see the failed logins. Do note that giving that user those access rights gives him serious power. Other option would be to create non persistent objects and copy all the data over to the non persistent objects to show that to the user. But if you have many accounts that might not be a viable option. You then might want to create persistant shadow objects. But do note that you need to sync the data.
You can create your own microflow and use that instead of the signin button (you'll also have to create a non-persistent object to be able to use the username/password). You can use the "System.VerifyPassword” java action to verify the username and password, if incorrect create a logging object of some sort. If it is correct call a custom request handler to login the user (for example, see the password forget module).