You can allow users to use challenge response or one time password during forgotten password process. To use any of these verification methods, you need to configure the Self Service Password Reset settings. For more information about configuring forgotten password settings refer, Configuring Forgotten Password Module.
Client Login Extension now supports more secured hashing methods. The responses are stored in PBKDF2WithHmacSHA512 hashing method. By default, Self Service Password Reset uses the PBKDF2WithHmacSHA512 hashing method.