If a user forgets their login password there is currently no way to reset it (it cannot be recovered from the hash). On the login screen add an option to generate a new password. A generated password could be delivered using a variety of means:

1. Include it in the response message (not secure, but one might argue that test results aren't very sensitive*)
2. Send a message to the user's email address
3. Allow a user to add an OpenPGP public key to the account, and use this to encrypt an email message containing the password

* This option would be better if login were secured using TLS (https).