The problem is that users cannot reset their passwords themselves.
When a user clicks "reset my password", a reset email is sent to them. And then when someone clicks on the link, they are returned to the login interface instead of being redirected to the password reset interface. This makes a loop and then our support agents have to manually reset the password before passing it to the user.
