Maybe users can also make use of the "Secret Question" feature which might help you recover the account if it's stolen, though it is mentioned that this is not recommended since it also kind of acts like a second password, I still think that it is fine as long as you create an answer which someone should not be able to guess easily. (was there any history here where a user successfully retrieved the account using this feature?). Probably, in relation to forum security, signed message really will help recovering the account.
It's an additional attack surface that could be avoided by just remembering or writing down your password, and storing it in a safe place. That way, is almost entirely secure. Whereas, a secret question could potentially be guess or brute forced. For example, if the forum ever was compromised again (hopefully it won't be) then the hash could potentially be targetted, and if it's not secure enough it could potentially be compromised. If you make your secret question too complicated, then you're probably just as likely to forget it as your password you've set.