Authentication system in general is bit more complex than a simple password validation. It usually means that the user, once authenticated, will have an account on the backend, and can access to the account on which they have authenticated for. That would mean that you need to have a backend for the user accounts and an API which will do the password check for the users. and once authenticated, will give access to the user to only their account.
In your case, you just want that the user gets access to the chatbot’s conversation. In that case, you need to have an API for password check, which will take the user’s credentials (email/username and password), from within the chatbot and validate it using that API. and then use the conditional jump to check the response of the API and take the user to one or another gambit. A Deadend gambit or a re-try login gambit, if the authetication is invalidated, OR to the real conversation if all good.
This is same as what @Levi suggested, but you are asking the user for the password one more time, within the conversation to make sure it cannot be used by someone with the URL of the chatbot, or the unique userid of some other account.