in security assist 2, the forgot password sends the user to a page to reset their password,
in security assist 1, you could create a forgot password page that would create a new random password, send that password in the email, then encrypt it and store the new random password in the database, it was decrypting what was already there, it was creating a new one, and sending that.