As a developer, I want to know the technical, security, and relevant user considerations for the password reset project, so that the CommTech team can properly prepare for the project.
**Requirements:**
* Investigate the various forms of password resets currently available to users (e.g. is 2FA allowed as an option -- and, if so, how is it enabled and how may be impact password reset changes?)
* Investigate the technical and social considerations of requiring both a username and email address to successfully generate a password reset request email
* Investigate if we can have an email only reset option. If yes, what would be the consequences (technical and social)?
* Query for what percentage of accounts:
** Don't have a confirmed email address?
** Have a unique confirmed email address?
** Have a confirmed email address shared by another account (and, if possible, details related to distribution -- for example, perhaps some emails have 100s of accounts?).