Note: The password in this image is no longer valid, don’t kill me
This is just used by their wiki, the side with the payment stuff uses a different system (and a separate login)
I don’t have a problem with it assuming the password must be changed immediately.
This is just as secure as emailing a password reset link or a passcode.
deleted by creator
No, it is not “insecure.” It aligns with OWASP guidance: https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html
When would it be problematic? It would be problematic if they sent your actual password in cleartext as part of the “reset.” This would show that they can access your password in plain text within their database, which is the worst way of storing passwords on servers. (Dedicated password hashing algorithms exist to securely store passwords.) What they provided you is a one-time password.
I used to work for a temp agency that did this. I contacted their IT multiple times regarding it. Their response was, as long as your email is secure the password is secure.