Depends on the "target" user. Only certain roles can change authentication details on privileged/admin accounts. I.e. to change this for a user holding the User administrator role, you will need to be assigned at least the Privileged Authentication admin role. For the rest, you will be fine with Authentication administrator indeed.
You can refer to this article for the "least privileged" role for any given operation: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task