I'm working on a web applications where - believe it or not- the users aren't required to provide their email address to sign up. These requirements can not change. The users will login to the system with an id and password just like any standard web site. The problem I'm facing has to do with user's that have forgotten their password. When they want to generate a new one, how do I verify their identity?I'm working on a web applications where - belie