Handling lost passwords

I'm looking for ideas on how to handle lost passwords. Are there any schemes that really annoy you or any you have seen and thought "Wow, that's exactly how I hope I would implement it!"

The schemes I can think of are:
1. Use a preset question (e.g. Mother's maiden name) to verify identity and allow them to change the password.
2. Given correct email/username, email a new password.
3. Don't use anything automated - communication is done through email and changing is manually done by an admin.
4. Something else?

i've always prefered the e-mail method myself. i never did provide an honest answer for the mothers maiden name type questions therefore i quickly forgot what i put for the answer..

I prefer the send a random password via email. Then, require it is changed upon first login...

I agree with Matt. There should not be a way to extract a user's password from the database. It should be one-way encrypted in the database. If they forget, you email a new totally random password and set a flag that forces a password reset on next login.

If you have a retrievable password in the database (or text file, or whatever), someone will retrieve it, and it's not a situation you want to have.

That's correct, I am using a one-way function (at least MySQL's PASSWORD function better be one-way). I think the three scenarios I mentioned all confrom to this.

Thanks for your responses. The only problem with my system is that I don't require an email address (due to business reasons and not anything technical), so emailing a new password might not work all the time.