If you are receiving lockout notifications with your username, you are most likely under a brute force attack, and they're using your username.
If you have enabled the Magic Links feature, you will still be able to log in using the authorized link.
If you haven't enabled the Magic Links feature, you can add the code below into the wp-config.php file anywhere as long as it is between the first line ( <?php ) and the line that says / That's all, stop editing. Happy Blogging / to temporarily disable all features so you can log in.
If needed, you can see how to edit the wp-config.php file in this article.