Forgot Password flow: a confirmation email is sent to the given e-mail address, with a link. The user clicks the link and reaches a page where he can set a new password. If the user gets this email without requesting the "forgot password" flow, it means that someone else has entered the user's email by mistake, or tried to take over the user's account. In this case the account is safe; hackers cannot use this secured mechanism to take over others' accounts.
The link is created using the crypto library. It contains the timestamp and the username. Encryption is crucial so hackers cannot intercept or forge links.
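One way to build and check such a link token, as an added example that is not the project's own code. It assumes Node.js's built-in `crypto` module and AES-256-GCM (the page names neither); the function names, token layout, and the expiry window are hypothetical.

```javascript
// Added example: encrypted, tamper-evident reset token carrying username + timestamp.
const crypto = require('node:crypto');

const IV_LEN = 12;   // GCM nonce size in bytes
const TAG_LEN = 16;  // GCM authentication tag size in bytes

// key: 32-byte Buffer kept server-side only (assumption: loaded from a secret store).
function createResetToken(username, key, now = Date.now()) {
  const iv = crypto.randomBytes(IV_LEN); // fresh nonce for every token
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const payload = JSON.stringify({ u: username, t: now });
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  // Token layout (hypothetical): iv || tag || ciphertext, URL-safe base64.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the username if the token is authentic and not expired, otherwise null.
function verifyResetToken(token, key, maxAgeMs, now = Date.now()) {
  const raw = Buffer.from(String(token), 'base64url');
  if (raw.length <= IV_LEN + TAG_LEN) return null; // too short to be a token
  const iv = raw.subarray(0, IV_LEN);
  const tag = raw.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const ct = raw.subarray(IV_LEN + TAG_LEN);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv,
      { authTagLength: TAG_LEN });
    decipher.setAuthTag(tag);
    // final() throws if the ciphertext or tag was modified or the key is wrong.
    const plain = Buffer.concat([decipher.update(ct), decipher.final()]);
    const { u, t } = JSON.parse(plain.toString('utf8'));
    if (typeof u !== 'string' || typeof t !== 'number') return null;
    if (now < t || now - t > maxAgeMs) return null; // future-dated or expired
    return u;
  } catch {
    return null; // forged, truncated or modified token
  }
}
```

The authenticated mode is what makes a modified or fabricated link fail verification; the embedded timestamp lets the server reject links older than the chosen window.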