it is more complicated after all ,
as now you need password recovery/reset service, and for that you need to set up the email backend and you need to exchange a token to verify that the user with the email is actually resetting their password,
all of that is directly supported by Django (at least it was fully supported in version 1.4), it does take some digging through the docs.
They may have deprecated that by 1.6 but the site may not work properly with the newest Django versions without some changes anyhow.
best,
Istvan