I see your point that the password is one-way encrypted as to why you cannot force the user to change it.
I have posted in the actual Joomla forum to make the password verification better in the core and have had no reply for a long time.
I'm not sure what you mean by validate the form differently? In general though, yes, there are ways that we could do additional checks on the password in order to ensure that the user has changed it. However, going down that route would take a bit of effort and also cause the plugin to pretty much have to grow into a component (much more complex). Once we were to do some sort of verification that the user changed their password, the next (obvious) suggestion would be to implement a security check of x-days and you must change the password.
All are noble goals and things we'd love to implement and use ourselves. Unfortunately, security isn't our area of expertise. This plugin was created for a previous client of ours and their goals were just a simple on-login reminder to change the password. We haven't done much development on it since because a) we don't have the time to do everything we'd love to do and b) we don't want it to have to grow large enough that either we can't support it or would have to start charging for it. We like having some free extensions out there as it's a great way to give back, but we can't focus all the time on them as we can to our paid extensions, as that's what pays the bills.
Thanks again for the feedback, and best of luck!