I'm contemplating installing this one, but, I think if someone forgets their password, it doesn't let them update it without knowing the previous one, and "contact us" or "reset password" should be the better option. So that basically merely adds a vulnerability to your site if someone's email...