At present, password resets are not very user-friendly or as secure as they should be. 1) Under Settings, the user can change their email address but there is no option or even information on how to change their password. That's unusual. It'd be better to give the user the ability to choose a new password here. 2) The workaround seems to be to log out and then use the 'Forgotten your password?' feature. It works, but it is not intuitive for users who haven't actually forgotten their password but just want to change it for whatever reason, as above. And while we're at it: 3) The 'Forgotten your password?' feature sends a new random 12-digit password (alpha-numeric only, no symbols) to the user's account email address. That's not terrible given the nature of this software (not banking or whatever), but it certainly isn't great cyber-security practice, for a number of reasons I won't get into. Suffice to say that there are reasons why these days most services have users change their passwords inside a page that the service hosts. That (a) avoids having their password reside in their email account which might get hacked, (b) allows more savvy users to use stronger passwords via their password management software, (c) allows less savvy users to use tricks like 'long yet memorable' passphrases, or mnemonics, rather than a random assortment of digits they can never remember and have to record somewhere that is insecure.