This is exactly what CloudFlare and Google have been doing for a while. i meet so many tech illiterate people who "can't log in to the internet" because of some discouraging CAPTCHA or because Gmail decided that even though they knew their passwords, a phone number they haven't used in 2 years (and has probably been reallocated to someone else) is a better proof of identity.
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.
Because HN loves to complain about this, I get to repeat it as always. Enroll a real 2fa (totp, security key, passkey) on your account and you will not face any of these issues. There's a reason they do this for insecure accounts and an easy way to avoid it.
I've logged into years-dormant Gmail accounts, from small towns in Mexico on a $2usd Mexican SIM and google has not even batted an eye.
It would be really awesome if Google would kindly tell them so they could have an opportunity to fix the issue and reactivate their account, instead of hard-locking them out with no recourse.
It's not like people are encouraged to keep their valuable data with these companies, only to lose the ai-fraud-detection lottery.
That's very unlikely. If you talk to anyone working in a public library or a local non-profit assisting elderly/homeless people, you will notice these issues are systemic and not isolated cases. From the cases i would see first hand, nothing would suggest that they had been compromised in any way.
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.