It's not really possible without user participation. You have to send a reply with HTTP status 401 Authorization Required to the browser and tell the user not to enter any credentials. The other way is having them close all their browser windows.

Makeshifts last the longest.