landed,
I'm not sure what you mean by validate the form differently? In general though, yes, there are ways that we could do additional checks on the password in order to ensure that the user has changed it. However, going down that route would take a bit of effort and also cause the plugin to pretty much have to grow into a component (much more complex). Once we were to do some sort of verification the user changed their password, the next (obvious) suggestion would be to implement a security check of x-days and you must change the password.
All are noble goals and things we'd love to implement and use ourselves. Unfortunately, security isn't our area of expertise. This plugin was created for a previous client of ours and their goals were just a simple on-login reminder to change the password. We haven't done much development on it since because a) we don't have the time to do everything we'd love to do and b) we don't want it to have to grow large enough that either we can't support it or would have to start charging for it. We like have some free extensions out there as it's a great way to give back, but we can't focus all the time on them as we can to our paid extensions, as that's what pays the bills.
Hope you understand and hope that, even if limited, the FPW plugin fulfills some of your needs. Still curious about the Javascript checks you mention. If they're easy, we'd gladly look into them.. but couldn't give a timeline for when it could be done.
Thanks again for the feedback, and best of luck!
Alex
Force password allows a user to not actually change their password.
