Hacker News

One option is to look at when the user last logged in. I would be a lot less pissed if an account that I've never touched in 10 years got compromised... I'm probably going to remember my info for recent accounts and want it to be difficult to social engineer those.



This is an excellent point.

> "You forgot the password that you've logged in with multiple times... including 20 minutes ago."

That should raise a flag.


It actually should not.

People using a password manager might not ever know their password. Funny things happen with password managers where history is missing, changes don't save, keystrokes break things. We can't penalize users who use them.

It's unfortunately a really messy area.

Source: was a password manager in a past life


That's why it should only raise a flag rather than totally stop. Perhaps the customer service rep can ask a few more questions.

It's a similar situation to someone who only ever uses their credit card to buy small amounts from their local supermarket. Then suddenly they use it to buy a flight in another country. It might be legit, but it's often not, and should suggest that customer service needs to do more investigation before approving.
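The "raise a flag, don't block" idea from the comments above, worked out as an added example (this is not code from any commenter or from Namecheap): a support tool scores an account-recovery request against the account's login history. A successful login shortly before the request, or a request origin never seen in that history (the credit-card analogy), escalates the request to extra verification questions rather than denying it. Dormancy (no login for a long time) is only surfaced as context, since the thread disagrees on whether it should make recovery easier. The `LoginEvent` fields, the 24-hour and 365-day thresholds, and the sample events are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class LoginEvent:
    account: str
    at: datetime        # timezone-aware timestamp of the attempt
    success: bool       # True for a successful login, False for a failed one
    country: str        # country derived from the source IP (hypothetical field)

RECENT_LOGIN_WINDOW = timedelta(hours=24)   # assumed policy value
DORMANT_AFTER = timedelta(days=365)         # assumed policy value

def utc_ts(y, m, d, hh=0, mm=0):
    """Build a UTC timestamp; keeps the sample data readable."""
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)

# Constructed sample login history for three accounts (not real data).
SAMPLE_EVENTS = [
    LoginEvent("alice", utc_ts(2024, 3, 1, 10, 0), True, "DE"),
    LoginEvent("alice", utc_ts(2024, 2, 27, 9, 30), True, "DE"),
    LoginEvent("bob", utc_ts(2012, 6, 1, 8, 0), True, "DE"),
    LoginEvent("carol", utc_ts(2024, 2, 20, 18, 45), True, "US"),
    LoginEvent("carol", utc_ts(2024, 2, 28, 7, 10), False, "US"),
]

def assess_recovery_request(events, account, requested_at, request_country):
    """Score a support-assisted account recovery request against login history.

    Returns (decision, reasons, dormant). decision is "escalate" when the
    support rep should ask additional verification questions and "standard"
    otherwise; the function never returns an outright denial. dormant is
    True/False from the last successful login, or None if there is none.
    """
    successes = sorted(
        (e for e in events if e.account == account and e.success),
        key=lambda e: e.at,
    )
    reasons = []
    dormant = None
    if successes:
        last = successes[-1]
        age = requested_at - last.at
        dormant = age > DORMANT_AFTER
        # A user who authenticated minutes ago claiming to have forgotten
        # the password is the case the thread discusses: flag, don't block.
        if age <= RECENT_LOGIN_WINDOW:
            minutes = int(age.total_seconds() // 60)
            reasons.append(f"successful login {minutes} minutes before the request")
        # Request origin unlike anything in the login history: the
        # "flight in another country" signal from the credit-card analogy.
        seen_countries = {e.country for e in successes}
        if request_country not in seen_countries:
            reasons.append(f"request from {request_country}, never seen in login history")
    decision = "escalate" if reasons else "standard"
    return decision, reasons, dormant

if __name__ == "__main__":
    now = utc_ts(2024, 3, 1, 10, 20)
    for account, country in (("alice", "DE"), ("bob", "DE"), ("carol", "BR")):
        print(account, assess_recovery_request(SAMPLE_EVENTS, account, now, country))
```

In practice the reasons list would be shown to the rep alongside the request so the extra questions can target the anomaly (for example, asking about the device used 20 minutes ago), and the decision would be logged with the request for later review.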


Namecheap has security notifications that inform you of login attempts. https://www.namecheap.com/support/knowledgebase/article.aspx...


This is more about preventing the social engineering attacks. The example you're replying to is where the actual user logged in 20 minutes ago, while the attacker is trying to claim to customer service that they forgot the password. If customer service were looking at login attempts, they would see that it doesn't make sense for the user to not know their password, when clearly they provided it to the site just 20 minutes ago.


I'm aware. This is an isolated comment about other security mechanisms that are in place for the user (not for the support staff).


One of the most frustrating things for support or customer service personnel to do is respond to something other than what was said.


> I would be a lot less pissed if an account that I've never touched in 10 years got compromised...

You don't need to log into your VPS provider's account or domain name provider's account very often, compared to how often you use the machine or domain. But you don't want those getting reset more easily just because you haven't logged into them in a while.


> I would be a lot less pissed if an account that I've never touched in 10 years got compromised

Depends on what that account controlled.




