In the wizard, you can set up your password field with an type of encryption that can't be decrypted... like md5. Then it will create the forgot password page that resets the password rather than sending the password value in the email. Then you can go back in and update the actual encryption type for the update server behavior to match the type of encryption you want to use.