I found this plugin in the Joomla Extensions and appears to be exactly what I need to force the user to change their password the first time they sign in, but the latest comment there says there is a problem:
When user logs in and is asked to change the password, he/she can simply click the SAVE button without entering a new password. The password entered during registration remains valid and the user can use it for further log-ins without a problem.
Can you tell me if this has been fixed? I don't see where this person who left the comment in the Joomla Extensions page ever posted in here. I didn't see anything on it, and wanted to know if there is a new version coming out to fix this.
Joomla Extensions page
Pat Vanden Bosche
No, that isn't something we can actually fix. Since the passwords are obscured in the database, it's not easy (or maybe even not possible) to check if the new one is the same as the old.
The Force Password Change plugin isn't meant to be a fail-safe guarantee, mainly just a helpful tool to try and get users to update their password. Unfortunately, this does mean that there are ways around it.
Hope that answers your question, even if it's not specifically what you were looking to hear!
No problem. Hope the explanation worked, and sorry again for the delay. Our free extensions don't get the same high priority as our commercial ones, for obvious reasons, but we do everything we can to maintain them and help answer issues and solver problems where we can!
Thanks for your support,