There are three ways to reset an account's password.

Administrator methods

Send an activation email (recommended)

These both send the user an email with a link they can use to set a new secure password. As with the user method, this does not invalidate the old password until the new one is set which means that if the user remembers their password they can carry on working.

Set a new password manually

User method

Forgotten password page

This is linked to on the authentication point and at

When used an email is sent to the user with an activation link that will let them choose a new password. This does not disable the account and access will continue to work with the old password until a new one is set. Amongst other things, this approach prevents people resetting a friend's password and disabling their access 'for a laugh'.