This is exactly what CloudFlare and Google have been doing for a while. i meet so many tech illiterate people who "can't log in to the internet" because of some discouraging CAPTCHA or because Gmail decided that even though they knew their passwords, a phone number they haven't used in 2 years (and has probably been reallocated to someone else) is a better proof of identity.
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.
Because HN loves to complain about this, I get to repeat it as always. Enroll a real 2fa (totp, security key, passkey) on your account and you will not face any of these issues. There's a reason they do this for insecure accounts and an easy way to avoid it.
I've logged into years-dormant Gmail accounts, from small towns in Mexico on a $2usd Mexican SIM and google has not even batted an eye.
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.