[OpenID] Password age and password reset

SitG Admin sysadmin at shadowsinthegarden.com
Thu May 14 02:43:34 UTC 2009


>Ok, so I think I see what you're saying, but rather than just a 
>simple password change, it sounds like this scenario warrants the OP 
>challenging the user.

A third scenario: the RP asks the OP if "time since password was last 
changed" is greater than six months, and the OP says "yes". Seeing 
this as a risk, the RP sends the user back to this OP with 
instructions to inform the user that they cannot log in again until 
they have a new password.

-Shade


