If a user forgot the password, the user can reset the password for a cognito user when the password are reset the user will recived the confirm code by e-mail, and after the user have confirm with the code and new password the password is changed, you will learn how to change the password if the user want to change current password with a new one, all are on going amazon cognito.