There are three options:
When creating a user choose the second or third possibility. If you change settings later, then the first option makes sense. If a user forgets her password, you as SYSOP cannot access it but you set the second option above and the user is forced to enter a new password on next login.