I accidentally typed my password into the login field, is it still secure?
The concern is whether your password is recorded in the authentication log.
If you're logging in on a text console under Linux, and you pressed Ctrl+C at the password prompt, then no log entry is generated. At least, this is true for Ubuntu 14.04 or Debian jessie with SysVinit, and probably for other Linux distributions; I haven't checked whether this is still the case on a system with Systemd. Pressing Ctrl+C kills the login process before it generates any log entry. So you're safe.
On the other hand, if you actually made a login attempt, which happens if you pressed Enter or Ctrl+D at the password prompt, then the username you entered appears in plain text in the authentication logs. All login failures are logged; the log entry contains the account name, but never includes anything about the password (just the fact that the password was incorrect).
You can check by reviewing the authentication logs. On Ubuntu 14.04 or Debian jessie with SysVinit, the authentication logs are in /var/log/auth.log.
If this is a machine under your exclusive control, and it doesn't log remotely, and the log file hasn't been backed up yet, and you're willing and able to edit the log file without breaking anything, then edit the log file to remove the password.
If your password is recorded in the system logs, you should consider it compromised and you need to change it. Logs might leak for all kinds of reasons: backups, requests for assistance… Even if you're the only user on this machine, don't risk it.
Note: I haven't checked whether Ubuntu 16.04 works differently. This answer may not be generalizable to all Unix variants and is certainly not generalizable to all login methods. For example OpenSSH does log the username even if you press Ctrl+C at the password prompt (before it shows the password prompt, in fact).
In your case, you are safe - you've typed in a password and cancelled out of it. A password typed into the login prompt followed by a wrong password will be considered a failed authentication and is partially recorded to the btmp log. For a tty console, however, that's alright.
$ sudo lastb
[sudo] password for xieerqi:
UNKNOWN tty1 Mon Apr 25 22:14 - 22:14 (00:00)
The "accidentally" typed password was recorded as UNKNOWN, so all good here. However, the failed authentications at the GUI login screen do show failed login entries unobfuscated:
$ sudo lastb
[sudo] password for xieerqi:
hellowor :1 :1 Mon Apr 25 22:17 - 22:17 (00:00)
UNKNOWN tty1 Mon Apr 25 22:14 - 22:14 (00:00)
Is there anything good about that? Well... The attacker would have to have access to your system in the first place; even more so, he/she would have to have root access in order to read the btmp log. Which also means, for a single-user computer, that's equivalent to having your password stolen already, so that entry is of no use to the attacker anyway if they know your password. The password in the entry, you can deduce already, has only partially been recorded, but that gives quite a fair advantage for an attacker, so there's nothing good about that part.
Should you change the password? Probably, just to be 100% sure. On the other hand, an attacker would have to have access to your btmp log, which is the same as having access to /etc/shadow, so there's no real advantage to it.
Side note: All the output is from my Ubuntu 14.04
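One way to run the check both answers describe without typing the password on a command line, where shell history would record it (an added example, not part of either answer): it reads the password with getpass and looks for it in /var/log/auth.log and in the raw btmp records that lastb displays. The /var/log/btmp path, the x86-64 glibc record layout, MIN_PREFIX and the helper names are assumptions of this example.

```python
import getpass
import struct

# Assumed layout: glibc utmp record as stored in btmp on x86-64 Linux (384 bytes).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
MIN_PREFIX = 4  # assumption: shorter user fields are too ambiguous to flag


def _text(raw):
    return raw.split(b"\0", 1)[0].decode(errors="replace")


def btmp_records(data):
    """Yield (user, line) for every complete record in raw btmp bytes."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        yield _text(rec[4]), _text(rec[2])


def find_leak(secret, btmp_data=b"", auth_lines=()):
    """Return where the secret shows up, without ever echoing it.

    btmp hit: the stored user name equals the secret or is a leading part of it.
    auth.log hit: the full secret occurs anywhere in the line.
    """
    if not secret:
        return []
    hits = []
    for user, line in btmp_records(btmp_data):
        if len(user) >= MIN_PREFIX and secret.startswith(user):
            hits.append(("btmp", line, len(user)))
    for number, text in enumerate(auth_lines, 1):
        if secret in text:
            hits.append(("auth.log", number, len(secret)))
    return hits


def make_record(user, line):
    """Build one constructed btmp record (type 6 = LOGIN_PROCESS) for testing."""
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(), b"",
                     0, 0, 0, 0, 0, 0, 0, 0, 0, b"")


if __name__ == "__main__":
    secret = getpass.getpass("Password to look for (not echoed): ")
    with open("/var/log/btmp", "rb") as f:  # readable by root only
        btmp = f.read()
    with open("/var/log/auth.log", errors="replace") as f:
        lines = f.readlines()
    for source, where, exposed in find_leak(secret, btmp, lines):
        print(f"{source}: {where}: {exposed} characters exposed")
```

Run it as root; any hit means the password should be changed, and rotated or remotely shipped copies of the logs need the same check.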