I've got a alternative solution that I like better than generating new passwords for users, maybe it has some drawbacks that I haven't been thinking about. Here goes.. 1. Generate a new strong token using RNGCryptoServiceProvider().GetBytes and store a Base64 version(string) in PersonalizedData using Load/Save methods for the username which a new password is desired. 2. Send a mail to the user (e-mail stored in PersonalizedData) with a link back to the site where both the token and user name is in the querystring. 3. When the user hits the link you match the token in the querystring with the data in PersonalizedData to validate that the user is authorized to change the password. 4. Let the user change password and then delete the token in the PersonalizedData object (set it to null). This approach has some advantages: 1. We don't have to automatically generate pseudo-readable passwords (which the user wants to change anyway). 2. Other users can't change passwords for other users, the mail may contain a statement like "If you don't want to change your password, please ignore this mail".