I need our current password-reset page upgraded so it not only feels safer but actually is. Two key aims guide the work:

• Functional improvement – add an email-verification step that triggers a secure link. After a user submits the reset form, they must click that single-use link before they can choose a new password.

• Security enhancement – ensure the whole flow resists common attacks. Think expiring tokens, rate-limiting on requests, and server-side validation before any password update is accepted.

You’ll adjust both the front-end form and the back-end logic so the experience remains smooth while the underlying process gains these extra checks. All existing styling stays; I only need the new verification link workflow wired in, fully tested, and documented well enough for my team to maintain.
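A minimal sketch of the back-end checks listed above (single-use link, expiring token, per-address rate limit, server-side validation before the update), added here as an illustration and not part of the original brief. The class name, the limits, and the in-memory dictionaries standing in for a database are all assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60        # assumed link lifetime, in seconds
MAX_REQUESTS = 3           # assumed per-address request limit ...
WINDOW = 60 * 60           # ... within this many seconds
MIN_PASSWORD_LEN = 12      # assumed password policy


class ResetFlow:
    """Hypothetical reset-token store; dicts stand in for database tables."""

    def __init__(self):
        self._tokens = {}    # sha256(token) -> (email, expires_at)
        self._requests = {}  # email -> timestamps of recent reset requests

    def request_reset(self, email, now=None):
        """Return a fresh token to e-mail as a link, or None if rate-limited."""
        now = time.time() if now is None else now
        email = email.strip().lower()
        recent = [t for t in self._requests.get(email, []) if now - t < WINDOW]
        if len(recent) >= MAX_REQUESTS:
            self._requests[email] = recent
            return None
        self._requests[email] = recent + [now]
        # A new request invalidates any link still outstanding for this address.
        self._tokens = {h: v for h, v in self._tokens.items() if v[0] != email}
        token = secrets.token_urlsafe(32)  # unguessable, URL-safe
        self._tokens[self._digest(token)] = (email, now + TOKEN_TTL)
        return token

    def redeem(self, token, new_password, now=None):
        """Return the e-mail whose password may be updated, or None."""
        now = time.time() if now is None else now
        # Validate the password first, so a rejected one does not burn the link.
        if not isinstance(new_password, str) or len(new_password) < MIN_PASSWORD_LEN:
            return None
        entry = self._tokens.pop(self._digest(token), None)  # pop = single use
        if entry is None or now > entry[1]:
            return None
        return entry[0]

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()
```

The form handler should show the same confirmation message whether `request_reset` returns a token or `None`, so the page does not reveal which addresses exist or are rate-limited.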