> Most sites these days ask Security questions and it is no longer a single click from email.
yes, i noticed. especially apple itunes/icloud. I hate them. And i consciously choose to avoid sites like these.
I prefer sites that mail you a one time token to reset your password (and also log you in automatically). Or you can just copy the password once, and do the login for that one session.
My answers to security questions also use a stateless security question answering script.
The reality is most security questions are horrible security questions (e.g. what is your pet's name -- for people with pets that's usually referred to multiple times on Facebook statuses)
In addition, certain sites log you out after the change-password action and require you to explicitly login right after.
Explicitly not storing the password sounds.. brave? stupid?