Frontend Password change

Hello!

Currently working on a frontend profile environment for a client, and one of the options that is being provided is the ability to set and change a password.

One of the things that I cannot seem to find a solid answer for, is whether or not I need to do any security measures for that user-input password, or if the wp_update_user() function has it built in?

I originally thought that I needed to use wp_hash_password on the string that is passed to wp_update_user’s user_pass…but that’s not working, of course, because it’s storing the hashed version as the password, and then whatever the user had input becomes useless ??

So…any security tips on how I can “properly” allow users to set and update their passwords from the frontend, without using anything related to the default wordpress dashboard?

Thanks in advance for any help that anyone can provide.