I use the hashing method. If users forget their passwords, then I generate a new one and email it to them (at which point they can log in and then reset the password to whatever they'd like to use). I typically use the MySQL password() function to do the hashing when using that DBMS for the user data, instead of doing it via PHP's md5() function (no special security advantage, I just started doing it that way at one point with the rationalization that it keeps the hashing method independent of the application program in case I want to use the DB with other programming languages, for instance).
