It would prob be easier to get the user to create a new login, then move the char(s) associated with the old account to the new
Only if your are 101% sure they are the actual owner thou
A lot of admins wont do it as it can cause problems down the line
If a user forgets there pws then they can only blame themselves imo