Is there a way not to change my current password when someone try change in forgot_password page?

Currently I get wrong credentials message in control panel login page after I trying to send my password for serveradmin in forgot_password page and I need to change my password in order login again.

my concern is if anyone of my customer or anyone know a username. he  can change the password into One Time Password and the real user will get Wrong credentials message with out knowing someone trying to change their password.

Asked question