My product has a prov_user (Provisioning - User) table that contains a record for each user allowed on the system. Among other items, the record contains the user's login ID, encrypted password, user state (Enabled, Disabled, and Suspended), user state change time stamp, and an invalid password count. Normally, the user state is Enabled. I have a web page which allows an administrator to Disable or Enable users. A value of Suspended means the user is temporarily prevented from logging in.
When the user logs in successfully, the code sets the invalid password count to zero. When the user provides an incorrect password, the code increments the invalid password count. After three consecutive failures, the code sets the user state to Suspended and sets the state change time stamp to the current time. Should the user provide the correct password while the state is Suspended, the code checks how long the user has been suspended. If the user has been suspended for at least 5 minutes (you may want to use another time interval), the code sets the state to Enabled, sets the state change time stamp, sets the invalid password count to zero, and logs in the user. Otherwise, the code tells the user that their account is temporarily suspended and to try again later.
Hope this helps....
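The suspension logic described in the answer above, written out as an added Python example (not the poster's code). The field names, the return strings, refusing Disabled users outright, and leaving the timer untouched when a wrong password arrives during a suspension are assumptions; password verification itself is out of scope and is passed in as a boolean.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_FAILURES = 3                     # "three consecutive failures"
SUSPEND_FOR = timedelta(minutes=5)   # "at least 5 minutes"; tune as needed


@dataclass
class ProvUser:
    """Constructed stand-in for one prov_user row (field names are assumptions)."""
    login_id: str
    state: str = "Enabled"           # Enabled | Disabled | Suspended
    state_changed: datetime = datetime.min
    invalid_count: int = 0


def attempt_login(user: ProvUser, password_ok: bool, now: datetime) -> str:
    """Apply one login attempt to the record; return 'ok', 'denied' or 'suspended'.

    password_ok is the outcome of checking the submitted password against the
    stored one, done elsewhere.
    """
    if user.state == "Disabled":
        # Assumption: an administrator's Disable is never cleared automatically.
        return "denied"
    if not password_ok:
        user.invalid_count += 1
        if user.state == "Enabled" and user.invalid_count >= MAX_FAILURES:
            user.state, user.state_changed = "Suspended", now
        # Assumption: failures while already Suspended do not restart the timer.
        return "denied"
    if user.state == "Suspended":
        if now - user.state_changed < SUSPEND_FOR:
            return "suspended"       # correct password, but still locked out
        user.state, user.state_changed = "Enabled", now
    user.invalid_count = 0           # any successful login clears the counter
    return "ok"
```

With this design the "suspended" reply is only ever given for a correct password, so a client can tell right from wrong guesses during the lockout window; returning the same reply for every attempt on a Suspended account avoids that.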