You can opt to log users' attempts to login to Craft to prevent brute-force attempts. Use the checkInvalidLogins configuration setting to manage this.
Important: You must also enable storeUserIps (opens new window) in your general.php file.
Using the template configuration setting, you can provide a path to your own custom template, shown to users when they try to login. A very simple example might look like the following:
<form method="post" accept-charset="utf-8">
<input type="hidden" name="action" value="knock-knock/default/answer">
<input type="hidden" name="redirect" value="{{ redirect | hash }}">
{{ csrfInput() }}
<label for="password">Password</label>
<input id="password" type="password" name="password" autocomplete="off" placeholder="Password" autofocus />
<button type="submit" name="unlock" value="Unlock">Unlock</button>
{% if errors is defined %}
<ul class="errors">
{% for error in errors %}
<li>{{ error }}</li>
{% endfor %}
</ul>
{% endif %}
</form>
You can also look at the template Knock Knock itself uses here (opens new window). When using a custom template, be mindful to include all the provided <input> elements, taking note of the name attributes for each. Otherwise, you have complete control over the look and feel of this form.