Yeah, that's what i've done. I made a copy of the login page and modified it to add a link to the page with the password recovery web part. Then I modified the web application settings in central admin to point to my new login page.
As for the password recovery page, I created an application page with anonymous access and dropped the password recovery web part on it. There's some info on doing that here:
Alternatively you can just create a standard SharePoint page, add the web part and give it anonymous access.