Which brings us on to another subject: how to implement password resets? The industry standard is to allow users to send themselves password reset emails.
