I read the other password recovery questions on SO and it seems that most people consider sending a password recovery link that can be used only once and expires after a couple of days to be most secure.
Now my question (I know it is subjective, but I am looking for input that you may have received from your users):
Is this also decently comfortable for users? And by users I mean your grandmother, not your co-worker.
As a user, I like when I can pick a new password of my choice, then have an activation mail sent to me, providing a clickable link for the new password to take effect.
I do not like when a new one-time password is sent to me, having me log in and edit it in my profile.
Best of all, though, is to have OpenID login, so I don't have to keep any password at all.
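The flow preferred in the answer above (choose the new password first, then confirm it through a mailed link), combined with the single-use, expiring link from the question, as an added sketch that is not part of the original posts. The class name, the in-memory dictionaries standing in for a database, and the PBKDF2 parameters are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 2 * 24 * 3600  # "a couple of days", as in the question

class PendingPasswordChanges:
    """In-memory stand-in for database tables (assumption for this sketch)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # sha256(token) -> (user, salt, new_hash, expires_at)
        self.passwords = {}  # user -> (salt, password_hash): the live credentials

    @staticmethod
    def _hash_password(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def request_change(self, user, new_password):
        """Park the chosen password as pending; return the token for the mailed link."""
        salt = secrets.token_bytes(16)
        token = secrets.token_urlsafe(32)
        # A newer request supersedes any older link for the same user.
        self._pending = {k: v for k, v in self._pending.items() if v[0] != user}
        # Only a hash of the token is stored, so a leaked table yields no usable links.
        self._pending[self._key(token)] = (
            user, salt, self._hash_password(new_password, salt),
            self._clock() + TOKEN_TTL_SECONDS,
        )
        return token

    def confirm(self, token):
        """Activate the pending password if the link is known, unused and unexpired."""
        entry = self._pending.pop(self._key(token), None)  # pop makes it single use
        if entry is None or self._clock() > entry[3]:
            return False
        user, salt, new_hash, _ = entry
        self.passwords[user] = (salt, new_hash)
        return True

    def check_login(self, user, password):
        if user not in self.passwords:
            return False
        salt, stored = self.passwords[user]
        return hmac.compare_digest(stored, self._hash_password(password, salt))
```

Because the link activates a password that was chosen before mailbox ownership was proven, the mail should state clearly that the recipient must ignore it unless they made the request themselves.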