To reduce the some of the security risk from the password reset feature, the link to reset the password only appears if there is a couple of unsuccessfull login attempts and the email address is a valid account.
They must then go through recaptcha robot check and verify their email for the account. If the password reset is SMS the system completes a second robot check and asks them to verify their mobile phone number on their account .
“To verify that this is your phone number, enter the last 4 digits including 00, and then click “Send code” to receive your code.”
If the email address and the mobile number matches the records for the account, plus the user has passed the reCaptcha robot checks a password reset code is sent to their device or email account. They must then enter their new password twice aswell as the two factor code they received to complete a password reset.