diff --git a/media_manager/auth/config.py b/media_manager/auth/config.py
index 966eab3..0913c7c 100644
--- a/media_manager/auth/config.py
+++ b/media_manager/auth/config.py
@@ -10,11 +10,20 @@ class AuthConfig(BaseSettings):
     token_secret: str = Field(default_factory=secrets.token_hex)
     session_lifetime: int = 60 * 60 * 24
     admin_email: list[str] = []
+    email_password_resets: bool = False
 
     @property
     def jwt_signing_key(self):
         return self._jwt_signing_key
 
+class EmailConfig(BaseSettings):
+    model_config = SettingsConfigDict(env_prefix="EMAIL_")
+    smtp_host: str
+    smtp_port: int
+    smtp_user: str
+    smtp_password: str
+    from_email: str
+    use_tls: bool = False
 
 class OpenIdConfig(BaseSettings):
     model_config = SettingsConfigDict(env_prefix="OPENID_")
diff --git a/media_manager/auth/users.py b/media_manager/auth/users.py
index f787398..66305a8 100644
--- a/media_manager/auth/users.py
+++ b/media_manager/auth/users.py
@@ -1,3 +1,4 @@
+import logging
 import os
 import uuid
 from typing import Optional
@@ -13,13 +14,20 @@ from fastapi_users.authentication import (
 from fastapi_users.db import SQLAlchemyUserDatabase
 from httpx_oauth.clients.openid import OpenID
 from fastapi.responses import RedirectResponse, Response
+from pydantic import AnyHttpUrl
 from starlette import status
 
-from media_manager.auth.config import AuthConfig, OpenIdConfig
+from media_manager.auth.config import AuthConfig, OpenIdConfig, EmailConfig
 from media_manager.auth.db import User, get_user_db
 from media_manager.auth.schemas import UserUpdate
 from media_manager.config import BasicConfig
 
+import smtplib
+from email.mime.text import MIMEText
+from email.mime.multipart import MIMEMultipart
+
+log = logging.getLogger(__name__)
+
 config = AuthConfig()
 SECRET = config.token_secret
 LIFETIME = config.session_lifetime
@@ -47,7 +55,7 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
     verification_token_secret = SECRET
 
     async def on_after_register(self, user: User, request: Optional[Request] = None):
-        print(f"User {user.id} has registered.")
+        log.info(f"User {user.id} has registered.")
         if user.email in config.admin_email:
             updated_user = UserUpdate(is_superuser=True, is_verified=True)
             await self.update(user=user, user_update=updated_user)
@@ -55,20 +63,55 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
     async def on_after_forgot_password(
         self, user: User, token: str, request: Optional[Request] = None
     ):
-        print(f"User {user.id} has forgot their password. Reset token: {token}")
+        link = f"{BasicConfig().FRONTEND_URL}login/reset-password?token={token}"
+        log.info(f"User {user.id} has forgot their password. Reset Link: {link}")
+        if not config.email_password_resets:
+            log.info("Email password resets are disabled, not sending email.")
+            return
+
+        email_conf = EmailConfig()
+        subject = "MediaManager - Password Reset Request"
+        html = f"""\
+        <html>
+          <body>
+            <p>Hi {user.email},
+            <br>
+            <br>
+            if you forgot your password, <a href="{link}">reset you password here</a>.<br>
+            If you did not request a password reset, you can ignore this email.</p>
+            <br>
+            <br>
+            If the link does not work, copy the following link into your browser: {link}<br>
+          </body>
+        </html>
+        """
+
+        message = MIMEMultipart()
+        message["From"] = email_conf.from_email
+        message["To"] = user.email
+        message["Subject"] = subject
+        message.attach(MIMEText(html, "html"))
+
+        with smtplib.SMTP(email_conf.smtp_host, email_conf.smtp_port) as server:
+            if email_conf.use_tls:
+                server.starttls()
+            server.login(email_conf.smtp_user, email_conf.smtp_password)
+            server.sendmail(email_conf.from_email,user.email, message.as_string())
+        log.info(f"Sent password reset email to {user.email}")
+
 
     async def on_after_reset_password(
         self, user: User, request: Optional[Request] = None
     ):
-        print(f"User {user.id} has reset their password.")
+        log.info(f"User {user.id} has reset their password.")
 
     async def on_after_request_verify(
         self, user: User, token: str, request: Optional[Request] = None
     ):
-        print(f"Verification requested for user {user.id}. Verification token: {token}")
+        log.info(f"Verification requested for user {user.id}. Verification token: {token}")
 
     async def on_after_verify(self, user: User, request: Optional[Request] = None):
-        print(f"User {user.id} has been verified")
+        log.info(f"User {user.id} has been verified")
 
 
 async def get_user_manager(user_db: SQLAlchemyUserDatabase = Depends(get_user_db)):
diff --git a/media_manager/config.py b/media_manager/config.py
index ecfb626..05f1913 100644
--- a/media_manager/config.py
+++ b/media_manager/config.py
@@ -9,6 +9,6 @@ class BasicConfig(BaseSettings):
     tv_directory: Path = "/data/tv"
     movie_directory: Path = "/data/movies"
     torrent_directory: Path = "/data/torrents"
-    FRONTEND_URL: AnyHttpUrl = "http://localhost:3000"
+    FRONTEND_URL: AnyHttpUrl = "http://localhost:3000/"
     CORS_URLS: list[str] = []
     DEVELOPMENT: bool = False
diff --git a/web/src/lib/components/login-form.svelte b/web/src/lib/components/login-form.svelte
index bdd9c76..194cb70 100644
--- a/web/src/lib/components/login-form.svelte
+++ b/web/src/lib/components/login-form.svelte
@@ -184,8 +184,7 @@
 					<div class="grid gap-2">
 						<div class="flex items-center">
 							<Label for="password">Password</Label>
-							<!-- TODO: add link to relevant documentation -->
-							<a class="ml-auto inline-block text-sm underline" href="##">
+							<a class="ml-auto inline-block text-sm underline" href="/login/forgot-password">
 								Forgot your password?
 							</a>
 						</div>
diff --git a/web/src/routes/login/forgot-password/+page.svelte b/web/src/routes/login/forgot-password/+page.svelte
new file mode 100644
index 0000000..fcc4d9d
--- /dev/null
+++ b/web/src/routes/login/forgot-password/+page.svelte
@@ -0,0 +1,140 @@
+<script lang="ts">
+	import logo from '$lib/images/logo.svg';
+	import background from '$lib/images/pawel-czerwinski-NTYYL9Eb9y8-unsplash.jpg?enhanced';
+	import { Button } from "$lib/components/ui/button";
+	import { Input } from "$lib/components/ui/input";
+	import { Label } from "$lib/components/ui/label";
+	import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "$lib/components/ui/card";
+	import { toast } from 'svelte-sonner';
+	import { env } from '$env/dynamic/public';
+
+	const apiUrl = env.PUBLIC_API_URL;
+	let email = $state('');
+	let isLoading = $state(false);
+	let isSuccess = $state(false);
+
+	async function requestPasswordReset() {
+		if (!email) {
+			toast.error('Please enter your email address.');
+			return;
+		}
+
+		isLoading = true;
+
+		try {
+			const response = await fetch(apiUrl + '/auth/forgot-password', {
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				},
+				body: JSON.stringify({ email }),
+				credentials: 'include'
+			});
+
+			if (response.ok) {
+				isSuccess = true;
+				toast.success('Password reset email sent! Check your inbox for instructions.');
+			} else {
+				const errorText = await response.text();
+				toast.error(`Failed to send reset email: ${errorText}`);
+			}
+		} catch (error) {
+			console.error('Error requesting password reset:', error);
+			toast.error('An error occurred while sending the reset email. Please try again.');
+		} finally {
+			isLoading = false;
+		}
+	}
+
+	const handleSubmit = (event: Event) => {
+		event.preventDefault();
+		requestPasswordReset();
+	};
+</script>
+
+<div class="grid min-h-svh lg:grid-cols-2">
+	<div class="flex flex-col gap-4 p-6 md:p-10">
+		<div class="flex justify-center gap-2 md:justify-start">
+			<a class="flex items-center gap-2 font-medium" href="/login">
+				<div class="flex size-16 items-center justify-center rounded-md text-primary-foreground">
+					<img alt="MediaManager Logo" class="size-12" src={logo} />
+				</div>
+				<h1 class="scale-110">Media Manager</h1>
+			</a>
+		</div>
+		<div class="flex flex-1 items-center justify-center">
+			<div class="w-full max-w-[90vw]">
+				<Card class="mx-auto max-w-sm">
+					<CardHeader>
+						<CardTitle class="text-2xl">Forgot Password</CardTitle>
+						<CardDescription>
+							{#if isSuccess}
+								We've sent a password reset link to your email address if a SMTP server is configured. Check your inbox and follow the instructions to reset your password.
+								If you didn't receive an email, please contact an administrator, the reset link will be in the logs of MediaManager.
+							{:else}
+								Enter your email address and we'll send you a link to reset your password.
+							{/if}
+						</CardDescription>
+					</CardHeader>
+					<CardContent>
+						{#if isSuccess}
+							<div class="space-y-4">
+								<div class="rounded-lg bg-green-50 p-4 text-center dark:bg-green-950">
+									<p class="text-sm text-green-700 dark:text-green-300">
+										Password reset email sent successfully!
+									</p>
+								</div>
+								<div class="text-center text-sm text-muted-foreground">
+									<p>Didn't receive the email? Check your spam folder or</p>
+									<button
+										class="text-primary hover:underline"
+										onclick={() => { isSuccess = false; email = ''; }}
+									>
+										try again
+									</button>
+								</div>
+							</div>
+						{:else}
+							<form class="grid gap-4" onsubmit={handleSubmit}>
+								<div class="grid gap-2">
+									<Label for="email">Email</Label>
+									<Input
+										id="email"
+										type="email"
+										placeholder="m@example.com"
+										bind:value={email}
+										disabled={isLoading}
+										required
+									/>
+								</div>
+								<Button
+									type="submit"
+									class="w-full"
+									disabled={isLoading || !email}
+								>
+									{#if isLoading}
+										Sending Reset Email...
+									{:else}
+										Send Reset Email
+									{/if}
+								</Button>
+							</form>
+						{/if}
+						<div class="mt-4 text-center text-sm">
+							<a href="/login" class="text-primary hover:underline font-semibold">
+								Back to Login
+							</a>
+						</div>
+					</CardContent>
+				</Card>
+			</div>
+		</div>
+	</div>
+	<div class="relative hidden lg:block">
+		<enhanced:img
+			src={background}
+			alt="background"
+			class="absolute inset-0 h-full w-full rounded-l-3xl object-cover dark:brightness-[0.8]"
+		/>
+	</div>
+</div>
diff --git a/web/src/routes/login/reset-password/+page.svelte b/web/src/routes/login/reset-password/+page.svelte
new file mode 100644
index 0000000..44ab156
--- /dev/null
+++ b/web/src/routes/login/reset-password/+page.svelte
@@ -0,0 +1,151 @@
+<script lang="ts">
+	import logo from '$lib/images/logo.svg';
+	import background from '$lib/images/pawel-czerwinski-NTYYL9Eb9y8-unsplash.jpg?enhanced';
+	import { page } from '$app/state';
+	import { Button } from "$lib/components/ui/button";
+	import { Input } from "$lib/components/ui/input";
+	import { Label } from "$lib/components/ui/label";
+	import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "$lib/components/ui/card";
+	import { toast } from 'svelte-sonner';
+	import { goto } from '$app/navigation';
+	import { env } from '$env/dynamic/public';
+	import {ChevronLeft} from "lucide-svelte";
+	import {onMount} from "svelte";
+
+	const apiUrl = env.PUBLIC_API_URL;
+	let newPassword = $state('');
+	let confirmPassword = $state('');
+	let isLoading = $state(false);
+	let resetToken = $derived(page.data.token);
+
+	onMount(() => {
+		if (!resetToken) {
+			toast.error('Invalid or missing reset token.');
+			goto('/login');
+		}
+	});
+
+	async function resetPassword() {
+		if (newPassword !== confirmPassword) {
+			toast.error('Passwords do not match.');
+			return;
+		}
+
+		if (!resetToken) {
+			toast.error('Invalid or missing reset token.');
+			return;
+		}
+
+		isLoading = true;
+
+		try {
+			const response = await fetch(apiUrl+`/auth/reset-password`, {
+				method: 'POST',
+				headers: {
+					'Content-Type': 'application/json'
+				},
+				body: JSON.stringify({ password: newPassword, token: resetToken }),
+				credentials: 'include'
+			});
+
+			if (response.ok) {
+				toast.success('Password reset successfully! You can now log in with your new password.');
+				goto('/login');
+			} else {
+				const errorText = await response.text();
+				toast.error(`Failed to reset password: ${errorText}`);
+				throw new Error(`Failed to reset password: ${errorText}`);
+			}
+		} catch (error) {
+			console.error('Error resetting password:', error);
+			toast.error(error instanceof Error ? error.message : 'An unknown error occurred.');
+		} finally {
+			isLoading = false;
+		}
+	}
+
+	const handleSubmit = (event: Event) => {
+		event.preventDefault();
+		resetPassword();
+	};
+</script>
+
+<div class="grid min-h-svh lg:grid-cols-2">
+	<div class="flex flex-col gap-4 p-6 md:p-10">
+		<div class="flex justify-center gap-2 md:justify-start">
+			<a class="flex items-center gap-2 font-medium" href="/login">
+				<div class="flex size-16 items-center justify-center rounded-md text-primary-foreground">
+					<img alt="MediaManager Logo" class="size-12" src={logo} />
+				</div>
+				<h1 class="scale-110">Media Manager</h1>
+			</a>
+		</div>
+		<div class="flex flex-1 items-center justify-center">
+			<div class="w-full max-w-[90vw]">
+				<Card class="mx-auto max-w-sm">
+					<CardHeader>
+						<CardTitle class="text-2xl">Reset Password</CardTitle>
+						<CardDescription>
+							Enter your new password below.
+						</CardDescription>
+					</CardHeader>
+					<CardContent>
+						<form class="grid gap-4" onsubmit={handleSubmit}>
+							<div class="grid gap-2">
+								<Label for="new-password">New Password</Label>
+								<Input
+									id="new-password"
+									type="password"
+									placeholder="Enter your new password"
+									bind:value={newPassword}
+									disabled={isLoading}
+									required
+									minlength="1"
+								/>
+							</div>
+							<div class="grid gap-2">
+								<Label for="confirm-password">Confirm Password</Label>
+								<Input
+									id="confirm-password"
+									type="password"
+									placeholder="Confirm your new password"
+									bind:value={confirmPassword}
+									disabled={isLoading}
+									required
+									minlength="1"
+								/>
+							</div>
+							<Button
+								type="submit"
+								class="w-full"
+								disabled={isLoading || !newPassword || !confirmPassword}
+							>
+								{#if isLoading}
+									Resetting Password...
+								{:else}
+									Reset Password
+								{/if}
+							</Button>
+						</form>
+						<div class="mt-4 text-center text-sm">
+							<a href="/login" class="text-primary hover:underline font-semibold">
+								Back to Login
+							</a>
+							<span class="mx-2 text-muted-foreground">•</span>
+							<a href="/login/forgot-password" class="text-primary hover:underline">
+								Request New Reset Link
+							</a>
+						</div>
+					</CardContent>
+				</Card>
+			</div>
+		</div>
+	</div>
+	<div class="relative hidden lg:block">
+		<enhanced:img
+			src={background}
+			alt="background"
+			class="absolute inset-0 h-full w-full rounded-l-3xl object-cover dark:brightness-[0.8]"
+		/>
+	</div>
+</div>
diff --git a/web/src/routes/login/reset-password/+page.ts b/web/src/routes/login/reset-password/+page.ts
new file mode 100644
index 0000000..3c72626
--- /dev/null
+++ b/web/src/routes/login/reset-password/+page.ts
@@ -0,0 +1,6 @@
+import type {PageLoad} from './$types';
+
+export function load({ url }) {
+    console.log("got token: ",url.searchParams.get('token'));
+    return {token: url.searchParams.get('token') };
+}
\ No newline at end of file