Hi thanks for replying.
I use SS Authentication and i think SS has lock feature. Please have a look at MaxLoginAttempts.
var af = new AuthFeature(
() => new BabybusUserSession(), //Use your own typed Custom UserSession type
//HTML Form post of UserName/Password credentials
SessionExpiry = TimeSpan.FromDays(sessionDays)
af.MaxLoginAttempts = 2;