There used to be this setting
That setting was ticked - but now I cannot locate it to untick it ? but its still doing it
How can I stop wp cerber from blocking people that try to log in with invalid username?
Thanks
Sarah
User Policy / Global Policy / section User Authentication option Logins with non-existent users are strictly forbidden The dropdown selector must be grey 
Thank you - that is reallyhelpful as to where that section moved to
However more puzzling its NOT selected and the admin got locked out for getting their username wrong…
a puzzle for me to sort
On the same page, right after this setting, you will find another parameter called (When you attempt to log in with a forbidden username)
With this option, you can choose either to simply cancel the login attempt for a user who mistyped their username, or to block the user and block their IP address in Cerber.
This is the setting that is currently blocking you.
Another point to watch closely: in the Global Policies and User Policies, the number of sessions refers to how many windows or browsers you can use simultaneously with the same account and the same IP.
Also check the login time / request limit, which determines how many requests you are allowed to use to log in. Again, this must be set to a realistic value.
These parameters are located in both Global Policies and User Policies.
By checking all these points, you should be able to achieve the desired behaviour.