One way would be to track unsuccessful logins in your user information. For example if your users are stored in an SQL database, add a column "unsuccessful logins".
You would need to write your own custom login module for that though. Yet that's probably easier than writing your own security interceptor.
Disclaimer: just my view ... will implement precisely that soon for my LDAP users