Secure ways to reset password or to give old password

Question

What is the most secure way to handle forgotten passwords/password resets? Should I email the password to the user? If so do you then force them to reset it? Or do you let t

Answer 1

I suppose you are going to do it programmatically? Or is it a question for Server Fault?

One of the ways is to send a link to the user's email account. He/she clicks on the link and is redirected to your secure web form where they reset the password.

Do NOT email the password to the user