Hi 
I want to extend Auth Component.
- If user fails password 5 times, then lock the account.
- Users having high level can unlock the user.
So I want to extend Auth Component to add this lock stuff.
Could you give me best practices?
Thanks
You can check this
Thank you rrd 
Can I reset banned user with this plugin?
Actually I justwanted to show you a way to do it. The main thing is https://github.com/rrd108/rBruteForce/blob/master/src/Controller/Component/RBruteForceComponent.php
Using delay() at line 66 means the (malicious) user will get the response from the server slower and slower after each attempt.
So you can write your own or extend this if you want other things like reset banned users. I did not touched this plugin for almost a year, so I do not really remember, but my guess, currently there is no reset method. But I ampretty sure it is extremely easy to implement.
Really thank you for your reply.
I will try it!
If I have some problems or some suggestions, please let me send PullRequest