I found a rather nice option for that. We use it our selve at some site's. It goes like this: you give a user a password. You save it somewhere in a database and send a letter with that password to the user. Then you force your user to change that password at the beginning of the login. At this way every user uses it's own passwords.
When somebody forgot's there password, then you can socalled reset it. This wil change the password to the standard password for that user. No the user can take his letter or e-mail where the origional password was printed on and he/she can login. Then after the reset, they can login, and then the have to change there password again.
I'll hope it wil be implementated.