ahampt
commented
11 years ago Too much ability to exploit this option so rethinking. Could build a very secure system with temp reset link with security questions but too much time for little site usage. Just giving an email address for support and an admin can reset it.
Forgot password functionality. Reset to random string and email to user.