Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.
When the user reset its password, it is recommended to:
Send the user an email informing them that their password has been reset (do not send the password in the email!).
https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html#user-resets-password
Note: I suggest to do the same when the user change its password in user preferences » security.