authentication – Forget Me Not? Abandoning the Forgot Password Functionality

I’m not sure that this is a security question, but there are lots of cases where there is no automatic, self-service password reset function: staff accounts at companies, bank customer accounts, etc.

So, from a security standpoint, as long as you have a process for users to recover their password that is strong enough to mitigate the risks of a compromised account (proper identification checking, etc.), then that is actually quite normal.