They do log password resets. Change your password and try using the old password soon after. You will notice that it might say "This is an old password that was changed 1 day ago" or something to that extent.
Is this not the same as the monthly activity report?
That is an excellent idea.
None of them like to log. For example when you contact a company asking for it they are reluctant to just hand it over without knowing why. You often have to tell them that your password got out into the wild. They cant put the ips because people would realise how many times their accounts get hacked and they would run around the internet saying how insecure it is.