Password reset is in the form of three different radio options that reveal different inputs, rather than one account input that takes three different kinds of criteria.
Response email also includes date of the request which seems kind of pointless especially as it doesn't actually include a time?
Password reset request stub is the password reset page, but with a flash notification (in the Express "flash" middleware sense)
All showable passwords toggle together - I'm pretty sure old and new passwords toggle together (which isn't necessarily the use case you want, if your old password was something you want more strongly not to disclose, or vice versa). The new passwords certainly toggle together (which is right and good).
the reset password submit stub links to login, page is resetpassword.aspx
In the password settings, there's something about a captcha on login screen that can only be avoided by changing password every 6 months or adding 2FA? I didn't see any captcha, but then, I changed my password immediately before logging in, via reset.
prechecked "sign me up for the mailing list" in registration (#175)
for agreeing to terms, no checkbox, only "By creating an account you agree with our TOS"
Stray observations: