Use the password_reset hook.
function wpse_password_reset( $user, $new_pass ) {
//* Do something useful with $new_pass
}
add_action( 'password_reset', 'wpse_password_reset', 10, 2 );
Edited to add after the comment:
Looks like the reason I can’t use that is that the plugin uses wp_update_user to set the new password. Is there any way I can intercept the password prior to this?
Yes. You can use the send_password_change_email filter.
function wpse_send_password_change_email( $true, $user, $userdata ) {
//* Do something useful with the new password
wp_die(
sprintf(
'%1$s changed their password to %2$s.',
$userdata[ 'user_login' ],
$_POST[ 'pass1' ]
)
);
//* Need to return $true since it's a filter
return $true;
}
add_filter( 'send_password_change_email', 'wpse_send_password_change_email', 10, 3 );