I go into my database and delete my IP in the locked out IP's when my husband manages to lock us out, which is every couple of days because he clicks or enters before completing the captcha, or does not know the difference of an underscore and a dash! He can be very trying!
I do not use the white list feature because many of my registered members (including myself) log in from several different IP's frequently when using our private pages for remote group presentations or such. I think this feature would be most useful for a private or closed site.
The unlock code is set up to go to the email address that a user has already registered so someone trying to get access that way would not get a code or details unless they are already registered. If an email address is not already registered they don't get an unlock code sent to an unregistered email address.
As far as not remembering your username, I use a local credentials program that stores all my login/user details for each site (about 200 a day, give or take a dozen) which I can easily access prior to logging in eliminating any lost/forgot credentials issues. Even places that I only login annually, I rarely get locked out.