It’s becoming more and more frequent that sites are asking / forcing users to reset their passwords. The most recent example is the Heartbleed OpenSSL security threat.
If you manage a Drupal website having people reset their password can be easy with the Password Policy Module.
After turning the module on you can navigate to
Where you’ll find a set of checkboxes where you can choose which role you want to force to reset their password. You can choose the authenticated user role in order to reset every users password.
The the super users password won’t be forced to be reset unless specified in the settings tab.