I think the main point with passwords is that they are a single point of failure. If a password gets discovered, then it's all over. If it gets lost, it's all over too.
A choice would be adding anything to these passwords that could act like a backup (an email, for example). But that goes against the ideas of simplicity and being hurdle free.
Another option would be to, instead of adding a reset password, to add a disable account, which can only be used with the password.
That way, if an account gets exploited, the creator himself can, at any time, close the account and prevent any damages.
This helps avoid impersonation, but it doesn't prevent it altogether. Nor does it deal with the possibility of losing a password. Nonetheless, it ensures at least that each person who has an account is in control of it.