There was a rash of reviewers for the 2015 Wikimania cycle who either never got or couldn't find their passwords. The "fix" for this was to delete the user's account and allow an admin to create a new account for them. It would be better to have a password reset process via email for existing user accounts. This could be a self-serve "forgot my password/username" feature where an email address is entered by the user and a time-limited (48 hours?) token is sent that will allow the email account holder to authenticate and change their password.
This feature should not expose the emails known by the system, so even if no account is found with a matching email, the same "account recovery email sent" message should be given in the user interface.
The email should include a URL that contains the unique recovery token and the username associated with the email address, along with an explanation that a password reset was requested through the application and that this can be ignored if the recipient did not ask for the reset.
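
A sketch of the flow requested above, added here as an illustration and not taken from the application's code. The endpoint URL, the in-memory stores and the function names are all assumptions; the 48-hour lifetime and the fixed reply text come from the request.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

TOKEN_TTL = 48 * 3600                      # 48-hour lifetime suggested in the request
GENERIC_REPLY = "account recovery email sent"
BASE_URL = "https://app.example/recover"   # hypothetical endpoint

ACCOUNTS = {"reviewer@example.org": "reviewer1"}  # constructed sample: email -> username
PENDING = {}   # username -> (sha256 of token, expiry timestamp)
OUTBOX = []    # (recipient, body) pairs standing in for a mail transport


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_reset(email, now):
    """Always return the same reply so the UI never reveals known emails."""
    username = ACCOUNTS.get(email.strip().lower())
    if username is not None:
        token = secrets.token_urlsafe(32)
        # Store only a digest, so a leaked table does not yield usable tokens.
        PENDING[username] = (_digest(token), now + TOKEN_TTL)
        url = BASE_URL + "?" + urlencode({"user": username, "token": token})
        OUTBOX.append((email,
                       "A password reset was requested through the application.\n"
                       f"Reset link: {url}\n"
                       "If you did not ask for this, you can ignore this email."))
    return GENERIC_REPLY


def consume_token(username, token, now):
    """Return True once for a valid, unexpired token; False otherwise."""
    stored, expiry = PENDING.get(username, ("", 0))
    ok = hmac.compare_digest(stored, _digest(token)) and now < expiry
    if ok:
        del PENDING[username]              # single use: a replayed link fails
    return ok
```

The password change itself would run only after `consume_token` returns True. Queuing the mail send outside the request keeps the response time similar for known and unknown addresses.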