You could use Accounts.validateLoginAttempt
Server side code
Accounts.validateLoginAttempt(function(info) {
var user = info.user;
if(user.isBanned) throw new Meteor.Error(403, 'You are banned');
});
With the above code: If you added isBanned: true
to any user in your MongoDB database, that user would not be able to sign in.