I see that there's a 'forgot password' link on the vPanel now. Nice add. (How long has it been there? )

When clicking on that link, you're redirected to a screen that asks for email, username, and "security code". I have a few suggestions for that screen:
First, do you plan to offer a way for users to retrieve their User ID? If that's "send an email to support@voipo.com" or call 1-8xx-whatever, that guidance should be included on the page.

Second, the term security code is not consistent with the PIN language within the vPanel. It wasn't immediately clear that the PIN is the "security code" (although such an assumption would be reasonable to make, if you know the PIN is there). I'm further concerned that a user is more likely to forget their 'PIN' than their password, making the 'forgot password' app pretty useless. Will new users be asked to 'customize' their PIN when they create accounts to make it more likely that they'll remember it? (If you intend to use the PIN in this fashion, you should require users to select a PIN they'll remember, and tell them that they'll need it in case they forget their password.)

Third, when that page is completed, there is no status notification. The screen just refreshes with empty fields. You should add a status message such as "Password reset. Check your email for the new password." or "Password not reset. Unable to authenticate user. Please contact support at (email, phone)." This issue also happens at the vPanel login--if you enter the wrong password, it just resets the screen without saying "That username and password combination was not recognized." or a similar error message.

Regarding the PIN, I see that it's numeric only--if you enter text, you are assigned a PIN of 0. I also see that if you enter a very high number, say, 100000, you're assigned 32767. I would suggest, at a minimum, some guidance on selecting a PIN (e.g. must be a 4-digit number; first digit can't be zero) and then improved error checking (if PIN < 1000 or > 9999, indicate Invalid PIN and re-ask. You probably want to disallow 1111, 2222, (etc), 1234, (etc)). Either that, or perhaps you could change the PIN field to a more generic "Security Code" field that has less stringent error checking on it (e.g. make sure it's a string of at least 6 characters and isn't "voip-o").