One reason why many sites are hacked is because users don't change their passwords frequently enough, if at all.
This plugin would be ideal, if it also forced users to do this, based on an interval of x days after registration or after the last password change. Any chance of adding this functionality? I would even pay for such a plugin to help secure my sites better. :-)
That'd be more difficult to do for the free version than we like. Currently, Joomla only tracks the initial registration date, which makes it very easy to force a new password on the first login. Unfortunately, there's nothing to track when passwords were updated, so we'd have to create a table, hook into the user component, and track when passwords were changed. It's a bit of work, and something we won't be taking on anytime soon.
Definitely appreciate the feedback, and hope this does at least a little of what you're looking for!