Securing the pre-login authorization - any ideas?

Ok, so after some hacker attacks I tightened security for my wordpress site. And now there is an authorization required in order to even access the login page (which I renamed, too - and login only works via CLEF).

Still I am not totally satisfied: First of all I would like to have a timeout, so that after two hours the pre-login is "forgotten" (even if the browser is not closed), second (and more importantly) I would like to avoid the possibility to save the password in the browser. I read that banks avoid it by naming the fields for name and password each time differently - so that the password could be saved but any saving is futile (as the field will not be there a second time to be filled out). Any way to achieve that via .htaccess?