This seems to be a big usability problem - requiring the user to remember their username if they forgot their password. Why not only require an email address to send them a reset password link (which I would say is fairly standard)?

Sure, requiring a username with an email address is more secure, but not having a forum at all is even more secure... when security gets too much in the way then it's not always a good idea.

See:
http://www.phpbb.com/community/viewtopic.php?f=64&t=2143041&p=13069741#p13069590