Change the password reset process to send a link to the user to reset their vFire stored password rather than emailing them their existing password. Emailing users their existing password is a security risk and would likely be in breach of ISO standards.