In order to help users that have not yet had a chance to set up a new security question and answer, we've restored the old ability for a user to reset the password themselves by following a special link emailed to them. They will receive this email automatically now if they enter their username in the password recovery area, and we detect that they do not have a challenge question. Users with challenge questions will use that method for their password resets. We hope this will make the system even simpler to use and require less work for publishers.
This functionality will appear in the next upgrade, tentatively planned in about a week.
