Reset Password without sending to e-mail address
Sending the newly generated password to the user's e-mail address is an ordinary solution that isn't appropriate in all scenarios.
What if the user is in front of a computer from which his/her e-mail account isn't accessible, or waiting for the e-mail, sometimes for a long time, isn't acceptable?
Wouldn't it be better to allow changing the password immediately on the basis of a security answer in these cases, or does this solution bear an additional security risk?
Thanks for your opinions
Gabor