Add rate limiting to authenticated password reset

There is no rate limiting on the password reset on the account page. If a user leaves a logged-in session unattended, an attacker can brute force the feature to find the users password. Rate limiting should be added to mitigate this risk.