...
Also note that in order for a successful password request to occur the entered username must be valid, the user must have a valid email address for the request to be sent too to and the user must have also correctly configured all 3 security questions and answers. If all these conditions are met, then the password request is issued by sending an email to the requested users email address. The email will contain an embedded link which the user must click to continue with the password reset process.
...
If the security question is answered correctly and the new password/confirmation password entered match and agree with the corresponding password strength conditions of the underlying password policy, then the users user's password is successfully reset/changed.
...