Show a link to reset the password
This should be present as closely as possible to the password text field, in an obvious state of clickability (link style underline, colour change)
Ask for account details to verify
This information is used to recognise the account the password should be reset for.
This can also be used as the medium to sent the link to reset their password, which is why the common information to provide is the email address.
Show information has been sent to proceed
Based on the information they provided in Step 2, explain how they can continue. This typically will involve using the information they provided.
If they provided an email, you would send an email for the next step. If they provided a phone number, you could be asking for a code you texted them.
Message content explains next step
This could be a link to a page that allows the user to reset their password.
It could also be a code for the user to provide on a page to verify their account, to then reset their password.
Reset the password!
Whether it's a verification code or a link to click behind an email address, the next page should be a clear text field to enter a new password.
Show password has been reset and a path to login
Now that the largest task is complete, show the user it has successfully updated. Then give them a direct offer to log in with their new password, to return them to the original flow they were in.
UX Guide: Password Reset User Flow
Another walkthrough of the flow to reset a password with a 'temporary password link' step.
Password Reset Flow: Best Practices for Custom Applications
A look at how industry leaders have designed the password reset flow.