Our team is going back and answering some of our most frequently asked questions.
Password resets are still the official Auth0 recommended way to resolve this use case. Here is the instructional video we created walking through the setup process:
There may be another way which is to redirect to the password change ticket within the Action i.e: api.redirect.sendUserTo("password change ticket");
See here about redirecting within Actions:
If you would like to If see a change in this behavior please log some product feedback here Auth0: Secure access for everyone. But not just anyone.
Hope this helps.