As stated above/below – it uses the email address (or looks up an email address from a username) that you provide, and sends a link with a token in it.

Assuming you’re the only person with access to your email, you’re the only one who receive that link. And when you follow it, it’ll take you to a location where you can change your password and log in. These ‘change password’ links typically are one-use only and have a timeout, to avoid anyone stumbling on the link somehow and using it to gain access to your account.

So two things are obviously key:

– It’s important to give a valid email address to any accounts, if you want to be able to reset the password (you may have to provide one to create the account in the first place)

– Your email account is a great way of gaining access to other sites/accounts. Whatever else you do, make sure your email password is safe, and hard to guess (or use a password manager).