The system should provide a way for the user to reset their passwords in the case where the user has forgotten their password.

We could send a password reset link with an expiry period, maybe?