It seems possible for a user to strip all their account auth providers under https://phabricator.wikimedia.org/settings/panel/external/ so they could not log in anymore (in my understanding).
The task UI does not show any hints about this (in contrast to e.g. deactivated user accounts), so I just replied to someone who will likely never see my comment in that task in https://phabricator.wikimedia.org/T283199#7106617
(And so far I fail to write a proper SQL query for this. SELECT u.userName FROM phabricator_user.user u WHERE u.phid NOT IN (SELECT uea.userPHID FROM phabricator_user.user_externalaccount uea; does not do what I'd expect.)