I'm curious how that feature works on the backend. If the premise is employees abusing internal access to fiddle account data, and the feature can be toggled on an account page, can't the insider abuse a password reset flow, toggle the setting off, then proceed as normal? I'm assuming that there's some "customer walks into store and needs to reset their password" functionality employees can access. Maybe a mandatory waiting period?