The easiest method would be to require secure login. That would remove the "Username" box, "Password" box, and "Log in" link, replacing them with a button that says "secure login".
You can enable this in admin under "general settings" - "security options"
Check "Use HTTPS for users' login and registration:" and "Use secure login form on a separate page (HTTPS):" and uncheck "Do not redirect customers from HTTPS to HTTP:"
You can move the "Register" link, and "Recover password" link, perhaps to the secure_login.tpl, or keep them where they are. I usually leave it.
I usually remove the "If java script disabled click here" link entirely and put a "noscript" warning that JavaScript must be enabled with a link to a static page that tells the customer how to enable it in the different browsers (good customer service). I put this in welcome_tpl right after {$lng.txt_welcome}
Code:
<noscript>
<font color="red">Javascript should be enabled in your web browser to assure proper functionality of the shopping cart.</font>
<a href="http://www.yourwebsite.com/your-static-page.html"><b>Click Here</b></a>
<br /><br />
</noscript>
This makes it invisible if JavaScript is already enabled, and warns the customer they need to if it is not. A much better solution than allowing the customer to not use it, I think.
OK, now that everything has been moved or taken care of, we have a "secure login" button and a "register" button. Once the user logs in however, the "login" button is going to want to change to "Username - You are logged in - "logout" button. You will have to check if this appears how and where you want it. You can edit it in authbox.tpl.
This is just a guideline and you may want to do things differently. Some people just make a "login" button that takes them to h ttp://www.yourwebsite.com/error_message.php?login_incorrect but I think that looks very unprofessional, but it works.