ACP -> Users And Groups -> Manage Users -> user_x -> Overview (or future equivalent):
- - It'd be great to be able to have a 'Require password change on next login' checkbox that implements the necessary functionality
- Option to set this default "checked" for all new users would be nice too so those that always want it can have it, and visa versa.
- While possibly difficult to implement it would make sense that this would require their new password not to be their old password.
- Could (probably) easily integrate with existing code of 'expire password' such that instead of writing lots of new code, just call whatever it calls.
1.) You admin a 100% closed site wherein registrations are done entirely through the ACP and the initial password is chosen by the admin (what I have right now). You tell your users to change their password on first login. You even provide them a link to use as their "first login" which conveniently points right at the password change screen. But users, being users, ignore you. Months down the line you login to their account with the old password and PM them from their own account a friendly reminder all the while cursing because you wish the above feature was implemented. Damn users.
2.) You suspect a particular users' account may be compromised however you don't want to outright change their pwd & envoke support requests. Instead you want him to have to change it on next login. If it's compromised the un-auth'd user will either abandon the account or change the password. Option a.) yay.; b.) the auth'd user will envoke powers of 'forgot my password' have the temp sent to them, go and reset it and... yay.
3.) You admin a site where, for whatever reason, you are changing a user's password for them (perhaps the knob posted his password online) so you change it and provide it to him, however you want to make sure that they immediately change it once they get back in.
4.) I'm sure there's other use-cases that I can't think of so instead I'll simply say: there's got to be a reason why so many systems (bb and otherwise) come with the 'change password on next login' feature.
Anyways, that's all I've got. Hope it's of some value to the community.
Corollary that may/may not be possible/easy: Don't allow users to re-use passwords. A feature request for another day...