What is the best “forgot my password” method? [duplicate]

Answer 1

I've tried a couple of methods that I've not really been happy with. What I've settled on for the next project is to:

1. User enters username and email address
2. Email sent with link containing url and guid param which has been stored in db with 48 hour expiry
3. User confirms password to be reset
4. New password is emailed to user
5. Login with new password displays message or redirects to change password page.