Not much different than a link to change your password that had those two random values added as a query parameter (which is what the link you get effectively does). Uncommon way to do it, but no real difference in the security model. Good to see they have a way to expire the password and force you to reset it if they ever had a compromise (since they note it has less than 1 day’s validity). Another upside is that by having already changed your password to this new random value, your account should also be locked until the password is changed. That one’s a mixed bag. Could be nice to know someone tried, could be frustrating if someone uses this to mildly DoS your account.