Good point, but if they have to go to the OS, Duplicati needs to be able to pass them, not kill them.
The on-screen Username and Password fields are (we think) for SMB use. You can see remarks at
Local disk credentials issue where someone thought it was to change the user, for NTFS ACL use.