For the Basic/NTLM/file - prompt via form Results Authorization method, the user is directly prompted for a login by Webinator. Since authentication is handled by another server, when search results are denied access, Webinator cannot know if the denial is URL-based (lack of access by the user), or login-based (mistyped/wrong password).
To differentiate the two and give users a chance to correct mistyped passwords, a Login Verification URL may be set. This should be a URL that all users have access to, but that is still protected (ie. anonymous users are denied). It should be an actual file (not a directory), preferably small (a few KB), and permanent (not likely to move, be renamed or have perms changed).
If Login Verification URL is set, Webinator will verify a user's prompted-for login by accessing this page. Since all users have access to it, a denial is assumed to mean the login was incorrect, and the user will be re-prompted for their credentials. Without a Login Verification URL set, a mistyped password will result in no search results, but the user will not know if they do not have access to the results, or they merely mistyped their password.