diff --git a/docs/gotcha.txt b/docs/gotcha.txt index 21ceb2e75..b1a0ba3cd 100644 --- a/docs/gotcha.txt +++ b/docs/gotcha.txt @@ -14,15 +14,18 @@ save you many hours of grief. running the entire test suite prior to SVN commits easier to do since it won't take so long. - * Password recovery has been redone. It is now based on profile fields + * Password recovery has been redone, and is now based on profile fields rather than email access. Since there's no real way to migrate the - latter to one to the other, this upgrade disables password recovery; - before enabling it again, use the profile fields editor to set certain - fields as required for password recovery. Then any user who enters all - of those fields correctly can recover their password. The template - variables are also different, so if you have a custom password recovery - template, you will have to update it. See the new default password - recovery template for an example of how to use the new variables. + one to the other, this upgrade _disables password recovery_. The template + variables for password recovery are also different, so if + you have a custom template, you will have to update it. + + To enable password recovery, you must first pick a set of profile fields + to use such that any user who knows that set of fields can reset their + password based on those. Edit each of those profile fields to turn the + "Required for password recovery?" flag on; then you will be able to + enable password recovery. It is highly advisable to pick several fields, + as one field only is very easy to break. 7.2.0 -------------------------------------------------------------------- diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm index 76290efd6..482d3d195 100644 --- a/lib/WebGUI/Auth/WebGUI.pm +++ b/lib/WebGUI/Auth/WebGUI.pm 
@@ -423,14 +423,16 @@ sub editUserSettingsForm {
         -label=>$i18n->get(18)
     );
     $f->yesNo(
-        -name=>"webguiPasswordRecovery",
-        -value=>$self->session->setting->get("webguiPasswordRecovery"),
-        -label=>$i18n->get(6)
+        -name => "webguiPasswordRecovery",
+        -value => $self->session->setting->get("webguiPasswordRecovery"),
+        -label => $i18n->get(6),
+        -hoverHelp => $i18n->get('webguiPasswordRecovery hoverHelp')
     );
     $f->yesNo(
-        -name=>"webguiPasswordRecoveryRequireUsername",
-        -value=>$self->session->setting->get("webguiPasswordRecoveryRequireUsername"),
-        -label=>$i18n->get('require username for password recovery')
+        -name => "webguiPasswordRecoveryRequireUsername",
+        -value => $self->session->setting->get("webguiPasswordRecoveryRequireUsername"),
+        -label => $i18n->get('require username for password recovery'),
+        -hoverHelp => $i18n->get('webguiPasswordRecoveryRequireUsername hoverHelp')
     );
     $f->yesNo(
         -name=>"webguiValidateEmail",
@@ -490,7 +492,11 @@ sub editUserSettingsFormSave {
     $s->set("webguiWelcomeMessage", $f->process("webguiWelcomeMessage","textarea"));
     $s->set("webguiChangeUsername", $f->process("webguiChangeUsername","yesNo"));
     $s->set("webguiChangePassword", $f->process("webguiChangePassword","yesNo"));
-    $s->set("webguiPasswordRecovery", $f->process("webguiPasswordRecovery","yesNo"));
+
+    # Special case to make sure we have at least one field enabled before allowing
+    # password recovery to be turned on.
+    $s->set("webguiPasswordRecovery", $f->process("webguiPasswordRecovery","yesNo") && ($self->session->db->quickArray("SELECT COUNT(*) FROM userProfileField WHERE requiredForPasswordRecovery = 1"))[0] > 0);
+
     $s->set("webguiPasswordRecoveryRequireUsername", $f->process("webguiPasswordRecoveryRequireUsername","yesNo"));
     $s->set("webguiValidateEmail", $f->process("webguiValidateEmail","yesNo"));
     $s->set("webguiUseCaptcha", $f->process("webguiUseCaptcha","yesNo"));
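Review bot: In the editUserSettingsFormSave hunk the value stored for webguiPasswordRecovery is whatever `&&` yields, so when the admin selects Yes but no profile field is flagged, the setting receives the false result of the `> 0` comparison (which stringifies as the empty string) instead of the 0 that the yesNo field would have produced for No; keep the stored value in the same 0/1 form as the neighbouring settings with `$s->set("webguiPasswordRecovery", ($f->process("webguiPasswordRecovery","yesNo") && ($self->session->db->quickArray("SELECT COUNT(*) FROM userProfileField WHERE requiredForPasswordRecovery = 1"))[0] > 0) ? 1 : 0);`. The override is also silent: the admin's Yes is discarded with no message saying that a profile field must first be flagged "Required for password recovery?", which the hover help added in the first hunk only partly mitigates. Only the enabling path is guarded here; if a flagged profile field can be removed through a path this commit does not touch, the "at least one required field" invariant is presumably not enforced there, and recovery would stay enabled with an empty field set. editUserSettingsFormSave continues outside the hunk.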
diff --git a/lib/WebGUI/Operation/ProfileSettings.pm b/lib/WebGUI/Operation/ProfileSettings.pm
index 5e40e43bd..579d17c15 100644
--- a/lib/WebGUI/Operation/ProfileSettings.pm
+++ b/lib/WebGUI/Operation/ProfileSettings.pm
@@ -343,13 +343,24 @@ Returns the user to www_editProfileSettings when done.
 sub www_editProfileFieldSave {
     my $session = shift;
     return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
+
+    # Special case for WebGUI auth password recovery.
+    my $requiredForPasswordRecovery = $session->form->yesNo('requiredForPasswordRecovery');
+    if ($session->setting->get('authMethod') eq 'WebGUI'
+        and $session->setting->get('webguiPasswordRecovery')
+        and not $requiredForPasswordRecovery
+        and ($session->db->quickArray("SELECT COUNT(*) FROM userProfileField WHERE requiredForPasswordRecovery = 1"))[0] == 1) {
+        # We'd be turning off the only one. Don't do it.
+        $requiredForPasswordRecovery = 1;
+    }
+
     my %data = (
         label=>$session->form->text("label"),
         editable=>$session->form->yesNo("editable"),
         visible=>$session->form->yesNo("visible"),
         required=>$session->form->yesNo("required"),
         showAtRegistration=>$session->form->yesNo("showAtRegistration"),
-        requiredForPasswordRecovery=>$session->form->yesNo("requiredForPasswordRecovery"),
+        requiredForPasswordRecovery=>$requiredForPasswordRecovery,
         possibleValues=>$session->form->textarea("possibleValues"),
         dataDefault=>$session->form->textarea("dataDefault"),
         fieldType=>$session->form->fieldType("fieldType"),
diff --git a/lib/WebGUI/i18n/English/AuthWebGUI.pm b/lib/WebGUI/i18n/English/AuthWebGUI.pm
index 27476e79b..7a271fda2 100644
--- a/lib/WebGUI/i18n/English/AuthWebGUI.pm
+++ b/lib/WebGUI/i18n/English/AuthWebGUI.pm
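Review bot: The guard in www_editProfileFieldSave forces requiredForPasswordRecovery on without checking that the field being saved is the one currently flagged: the COUNT query spans the whole table, so while exactly one other field is the required one, saving any unrelated field with the flag left off (its normal state) silently marks that unrelated field as required too, adding it to the set of values a user must know and potentially locking out users who have no value for it. Before forcing the flag, look up the saved row's own current requiredForPasswordRecovery value (keyed by the field identifier the form submits, which this hunk does not show) and only keep the flag on when that row is the single flagged one. The override is also silent; the admin is not told their choice was kept on, so a message at the `$requiredForPasswordRecovery = 1;` line is worth adding. The count check and the later save are not atomic, so two concurrent saves could each see a count of 2 and together clear both flags, leaving recovery enabled with no required field — likely acceptable for an admin-only screen, but it deserves a comment. The sub continues outside the hunk (the %data hash and the save that follows it).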
@@ -255,6 +255,16 @@ our $I18N = {
         lastUpdated => 1071507760
     },

+    'webguiPasswordRecovery hoverHelp' => {
+        message => q|Select "Yes" to permit users who know a particular combination of their profile fields to recover their passwords. In order for this to take effect, at least one profile field must have its "Required for password recovery?" flag turned on. It is highly advisable to pick several fields, as using only one field is usually very easy to break; remember that anyone who discovers all of those fields for a user can reset that user's password.|,
+        lastUpdated => 1071507760
+    },
+
+    'webguiPasswordRecoveryRequireUsername hoverHelp' => {
+        message => q|Select "Yes" if you want users to also have to enter their username for password recovery. Otherwise, they will be able to reset their password and log themselves in by knowing only the other profile fields that are enabled for password recovery, even if they have forgotten their username.|,
+        lastUpdated => 1071507760
+    },
+
     'recovery template title' => {
         message => q|WebGUI Authentication Password Recovery Template|,
         lastUpdated => 1078856556