When a user who's account has expired tries to use the reset password tool (assuming they forgot the old one), they are sent to the expired password form instead, which asks them to enter their old password as well as the new one. Since they reset it, they obviously won't have it. ;-)

Comments

seanr’s picture

Status: Active » Closed (fixed)

Turns out the client had a second module that was being used for the password expiration feature.