I've on ACP put 20 as Login attempts, but if I make a mistake on login it appears:
*You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to solve the CAPTCHA below.
*But the strangest thing is that I just made a mistake once...
Then I've installed this extension: https://www.phpbb.com/customise/db/extension/reset_login_attempts_3/
So I could reset the login. But that extension show this message:
The selected user does not have any failed login attempts to reset
How strange... So I think that it may be a phpBB bug.