erp5_authentication_policy can be configured to automatically create Credential Recovery for user once login expire.
This was no longer working since we switched to ERP5 Login, Credential Recovery ticket was created with a relation to ERP5 Login, but it should be related to the Person.