Hello Charles Russell,
Sitefinity authentication and authorization are based on standard ASP.NET membership, therefore the same principles apply. Changing of the password is a bit tricky indeed, so you need to bear in mind that if the membership provider is set to encrypt the passwords, you won't be able to change the password, but you will be able to reset it (again if you set your membership provider to allow password reset).
Here is the link that can help you with PasswordRecovery control and has several samples with source code:
Thanks for getting in touch with us. Let us know if we can further assist you.
the Telerik team