The process for resetting password has been less than ideal. Currently, an administrator sets a temporary password or a user answers their "secret question" (a question and answer set the user previously provided). A medical record system should have a stronger approach to password security and not even an administrator should ever know a user's password (even temporarily). The current approach also puts an undue burden on administrators to reset passwords for users who have forgotten them. Some work has been done in this direction and the necessary functionality is already available in OpenMRS core.
The goal of this project is to provide a user interface to support self service password reset which already exist in core. The introduction of this ui should be done on both the Reference application and the Legacy UI
Installing and Using OpenMRS Password Reset Open WebApp