During the process of account creation, the 'email' field is optional. If user does not enter the email during account creation and user forgets his password, then user does not able to access account by resetting password using "Forget password".
Also there is not mobile number verification is added. Hence i suggest to make an email OR mobile number compulsory/mandatory field so user can easily reset the forgotten password.
See also:
T58028: Show Echo web notification (asking users to consider providing an email) to users who don't have an e-mail address associated with their account
T58074: Remind users who have entered an email address, but haven't confirmed it
T215633: Emailability: Prompt users during email skip attempt