
You've just described phishing.



Wouldn't phishing be more like "make a site that looks like Facebook and try to get people to input their Facebook passwords?" What this person described is more abusing password recycling no?


It doesn't even have to be recycling. In fact, I have incorrectly pasted a wrong password to my Google account not realizing I had copied from one row underneath.

Personally, I place a lot of faith and trust in Google so I don't think they'd store failed password attempts about me (I've already volunteered them more information about me than I would volunteer to my own elected representatives anyway). If I ever realized I made a mistake the other way round, I'd reset the password to my Google account even though it has 2FA.


Have you ever noticed that if you enter a password previously used on a Google account it will tell you "password changed X units of time ago"? That surprised me.

It wouldn't surprise me if they're storing failed attempts at all. More data to feed the machines.


Every Linux machine knows when you last changed your password, too.

  $ passwd --status


Only root can do that.


I'm not sure why that would matter, but that's not true. No sudo needed to look up that I set my password on this VM on 2013-10-08.


That was a direct copy'n'paste from a session on centos7.

Password age is kept in /etc/shadow, not /etc/passwd.

So the passwd command is (needs to be) setuid.

Redhat generally limits what setuid programs can do.

Probably sensible.
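The /etc/shadow point above, as an added example that is not part of the thread: the "last changed" date that passwd --status prints is just the third field of the user's shadow(5) entry, a count of days since 1970-01-01. The script below parses that field from a constructed, in-script copy of /etc/shadow (the user names, hashes and day counts are made up for the example) and renders it as a date with plain POSIX arithmetic, so it does not need GNU date(1). It also handles the two special values a practitioner should expect: an empty field (aging disabled, "never") and 0 (password must be changed at next login).

```shell
#!/bin/sh
# Added example, not code from the thread. Parses the 3rd field of a
# shadow(5) entry (days since 1970-01-01 of the last password change),
# which is the datum `passwd --status` reports. The real /etc/shadow is
# root-only, which is why passwd has to be setuid to read it for you.

# Constructed sample entries in shadow(5) format (not real accounts):
#   name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='root:$6$saltsalt$hashhashhash:15986:0:99999:7:::
alice:!:0:0:99999:7:::
bob:*::0:99999:7:::'

# days_to_date DAYS -> YYYY-MM-DD for a non-negative day count since the
# Unix epoch (proleptic Gregorian, Howard Hinnant's civil_from_days).
days_to_date() {
    z=$(( $1 + 719468 ))                      # shift epoch to 0000-03-01
    era=$(( z / 146097 ))                     # 400-year cycles
    doe=$(( z - era * 146097 ))               # day of era [0, 146096]
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    y=$(( yoe + era * 400 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))   # day of year, Mar 1 based
    mp=$(( (5 * doy + 2) / 153 ))             # month index, Mar = 0
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    [ "$m" -le 2 ] && y=$(( y + 1 ))          # Jan/Feb belong to the next civil year
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
}

# pw_last_change USER -> date of last change, "forced" if the field is 0
# (change required at next login), "never" if empty (aging disabled),
# or "no such user" with exit status 1.
pw_last_change() {
    user=$1
    while IFS=: read -r name hash lastchg rest; do
        [ "$name" = "$user" ] || continue
        case $lastchg in
            '') echo "never";  return 0 ;;
            0)  echo "forced"; return 0 ;;
            *)  days_to_date "$lastchg"; return 0 ;;
        esac
    done <<EOF
$SAMPLE_SHADOW
EOF
    echo "no such user"
    return 1
}

# Demo over the constructed entries.
for u in root alice bob; do
    printf '%s: %s\n' "$u" "$(pw_last_change "$u")"
done
```

On a real host the same number is what `passwd -S` (long form `--status`) shows for your own account: the shadow file itself stays unreadable to you, and the setuid passwd binary is the only sanctioned path to that field.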




