Does that mean you have a premium version of the product or premium support model? If you have a premium version, does that still mean that the user has to implement these code snippets manually into the plugin?
It is a premium support model. And no, I would never recommend that any code be modified in the plugin. That does not follow WP best practices. The plugin is a fully featured framework. The plugin has over 60 action and filter hooks and 35 pluggable functions allowing you to customize the plugin from your functions.php file just like WordPress. Even the admin is extensible, essentially allowing plugins for the plugin. The code library available to premium support members consists of well over 100 code snippets and tutorials for users to quickly and easily deploy customizations. But that is not required for users to be able to use the plugin, and the online documentation for the plugin is freely available.
I would disagree with you that a single stage password reset is "industry standard." There are many different models of varying security. The model in the plugin is essentially a middle-of-the-road solution. A single stage password reset is the least secure option.
For that reason alone I wouldn't purchase it.
My post was not intended to solicit you do so. But it would have been difficult to give you a complete answer without mentioning that this was available in the code library.