diff --git a/actions.php b/actions.php
index 51ee0bfb1a..f0d87e1d68 100644
--- a/actions.php
+++ b/actions.php
@@ -414,7 +414,7 @@
 setcookie(session_name(), '', time()-42000, '/');
 }
 session_destroy();
- } else if ($_GET['action']=="chgpwd") {
+ } else if ($_GET['action']=="chgpwd" || $_GET['action']=="forcechgpwd") {
 //DB $query = "SELECT password FROM imas_users WHERE id = '$userid'";
 //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
 //DB $line = mysql_fetch_array($result, MYSQL_ASSOC);
@@ -427,12 +427,10 @@
 } else {
 $newpw =md5($_POST['pw1']);
 }
- //DB $query = "UPDATE imas_users SET password='$md5pw' WHERE id='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
- $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw WHERE id=:uid LIMIT 1");
+ $stm = $DBH->prepare("UPDATE imas_users SET password=:newpw,forcepwreset=0 WHERE id=:uid LIMIT 1");
 $stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw));
 } else {
- echo "Password change failed. Try Again\n";
+ echo "Password change failed. Try Again\n";
 echo "\n";
 exit;
 }
diff --git a/admin/actions.php b/admin/actions.php
index 72c46a9d57..062838d39e 100644
--- a/admin/actions.php
+++ b/admin/actions.php
@@ -108,7 +108,7 @@
 $query .= ',SID=:SID';
 }
 if (isset($_POST['doresetpw'])) {
- $query .= ',password=:password';
+ $query .= ',password=:password,forcepwreset=1';
 }
 $query .= " WHERE id=:id";
 $stm = $DBH->prepare($query);
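Review bot: In the second actions.php hunk the fallback `$newpw =md5($_POST['pw1']);` still stores an unsalted MD5 hash while the rewritten UPDATE now clears `forcepwreset`, so a forced reset can finish with a password stored no stronger than the one it was meant to retire; the same fallback is visible in the course/listusers.php hunk (`$newpw = md5($_POST['pw1']);`) and in util/batchcreateinstr.php (`$hashpw = md5($data[1]);`). If `$CFG['GEN']['newpasswords']` (seen in the removed admin/actions.php code) is what gates `password_hash`, consider making `$newpw = password_hash($_POST['pw1'], PASSWORD_DEFAULT);` the only path for writing new hashes and keeping `md5` solely for verifying legacy ones. After a successful update, `session_regenerate_id(true);` would also keep the current session from carrying its pre-change identifier. The branch's opening and the old-password verification it relies on are outside the hunk.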
@@ -212,26 +212,6 @@ deletealluserfiles($_GET['id']); //todo: delete courses if any break; - case "chgpwd": - $stm = $DBH->prepare("SELECT password FROM imas_users WHERE id=:id"); - $stm->execute(array(':id'=>$userid)); - $line = $stm->fetch(PDO::FETCH_ASSOC); - - if ((md5($_POST['oldpw'])==$line['password'] || (isset($CFG['GEN']['newpasswords']) && password_verify($_POST['oldpw'], $line['password'])) ) && ($_POST['newpw1'] == $_POST['newpw2'])) { - $md5pw =md5($_POST['newpw1']); - if (isset($CFG['GEN']['newpasswords'])) { - $md5pw = password_hash($_POST['newpw1'], PASSWORD_DEFAULT); - } else { - $md5pw = md5($_POST['newpw1']); - } - $stm = $DBH->prepare("UPDATE imas_users SET password=:password WHERE id=:id"); - $stm->execute(array(':password'=>$md5pw, ':id'=>$userid)); - } else { - echo "Password change failed. Try Again\n"; - echo "\n"; - exit; - } - break; case "newadmin": if ($myrights < 75 && ($myspecialrights&16)!=16 && ($myspecialrights&32)!=32) { echo "You don't have the authority for this action"; break;} if ($_POST['newrights']>$myrights) { diff --git a/admin/forms.php b/admin/forms.php index b85ba32ff2..f5a08b9508 100644 --- a/admin/forms.php +++ b/admin/forms.php @@ -2,7 +2,7 @@ //IMathAS: Admin forms //(c) 2006 David Lippman require("../init.php"); -$placeinhead = ''; +$placeinhead = ''; require("../header.php"); require("../includes/htmlutil.php"); @@ -68,16 +68,6 @@ echo "

\n"; echo ''; break; - case "chgpwd": - echo '

Change Your Password

'; - echo "
\n"; - echo ''; - echo "Enter old password:
\n"; - echo "Enter new password:
\n"; - echo "Verify new password:
\n"; - echo '
'; - break; - case "chgrights": case "newadmin": if ($myrights < 75 && ($myspecialrights&16)!=16 && ($myspecialrights&32)!=32) { echo "You don't have the authority for this action"; break;} @@ -141,8 +131,8 @@ function onrightschg() { if ($_GET['action'] == "newadmin") { echo 'Password:
'; } else { - echo 'Reset password? '; - echo 'Reset to:
'; + echo 'Reset password? '; + echo '
'; } echo "
\"Help\" Set User rights to: \n"; diff --git a/admin/importstu.php b/admin/importstu.php index d51b8d396d..dee6a06054 100644 --- a/admin/importstu.php +++ b/admin/importstu.php @@ -175,7 +175,7 @@ function parsecsv($data) { //DB $query = "INSERT INTO imas_users (SID,FirstName,LastName,email,rights,password) VALUES ('$arr[0]','$arr[1]','$arr[2]','$arr[3]',10,'$pw')"; //DB mysql_query($query) or die("Query failed : " . mysql_error()); //DB $id = mysql_insert_id(); - $stm = $DBH->prepare("INSERT INTO imas_users (SID,FirstName,LastName,email,rights,password) VALUES (:SID, :FirstName, :LastName, :email, :rights, :password)"); + $stm = $DBH->prepare("INSERT INTO imas_users (SID,FirstName,LastName,email,rights,password,forcepwreset) VALUES (:SID, :FirstName, :LastName, :email, :rights, :password, 1)"); $stm->execute(array(':SID'=>$arr[0], ':FirstName'=>$arr[1], ':LastName'=>$arr[2], ':email'=>$arr[3], ':rights'=>10, ':password'=>$pw)); $id = $DBH->lastInsertId(); } @@ -328,7 +328,7 @@ function parsecsv($data) { ?> - + $v) { echo "\n"; @@ -384,7 +384,7 @@ function parsecsv($data) {
- Password is in column: + Temporary password is in column:
diff --git a/bltilaunch.php b/bltilaunch.php index 36c6ede23a..868eb33cc4 100644 --- a/bltilaunch.php +++ b/bltilaunch.php @@ -328,7 +328,7 @@ function reporterror($err) { //ask for student info $flexwidth = true; $nologo = true; - $placeinhead .= ''; + $placeinhead .= ''; require("header.php"); if (isset($infoerr)) { echo '

'.Sanitize::encodeStringForDisplay($infoerr).'

'; @@ -1782,7 +1782,7 @@ function findfolder($items,$n,$loc) { //ask for student info $nologo = true; $flexwidth = true; - $placeinhead .= ''; + $placeinhead .= ''; require("header.php"); if (isset($infoerr)) { echo '

'.Sanitize::encodeStringForDisplay($infoerr).'

'; diff --git a/course/listusers.php b/course/listusers.php index 4fba31cf08..614d831808 100644 --- a/course/listusers.php +++ b/course/listusers.php @@ -185,7 +185,7 @@ } elseif (isset($_GET['newstu']) && $CFG['GEN']['allowinstraddstus']) { $curBreadcrumb .= " > Roster > Enroll Students\n"; $pagetitle = "Enroll a New Student"; - $placeinhead .= ''; + $placeinhead .= ''; if (isset($_POST['SID'])) { require_once("../includes/newusercommon.php"); @@ -204,8 +204,8 @@ //DB $query .= "VALUES ('{$_POST['SID']}','$md5pw',10,'{$_POST['firstname']}','{$_POST['lastname']}','{$_POST['email']}',0);"; //DB mysql_query($query) or die("Query failed : " . mysql_error()); //DB $newuserid = mysql_insert_id(); - $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify) "; - $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify);"; + $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, forcepwreset) "; + $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify, 1);"; $stm = $DBH->prepare($query); $stm->execute(array(':SID'=>$_POST['SID'], ':password'=>$md5pw, ':rights'=>10, ':FirstName'=>$_POST['firstname'], ':LastName'=>$_POST['lastname'], ':email'=>$_POST['email'], ':msgnotify'=>0)); @@ -269,7 +269,7 @@ } elseif (isset($_GET['chgstuinfo'])) { $curBreadcrumb .= " > Roster > Change User Info\n"; $pagetitle = "Change Student Info"; - $placeinhead .= ''; + $placeinhead .= ''; require_once("../includes/newusercommon.php"); if (isset($_POST['firstname'])) { @@ -321,7 +321,7 @@ $newpw = md5($_POST['pw1']); } //DB $query .= ",password='$newpw'"; - $query .= ",password=:password"; + $query .= ",password=:password,forcepwreset=1"; $qarr[':password'] = $newpw; $msgout .= '

Password updated

'; } @@ -731,14 +731,15 @@ function postRosterForm(uid,action) {
LatePasses:
- Lock out of course?: + Lock out of course? 0) {echo ' checked="checked" ';} ?>/>
- Student has course hidden from course list?: + Student has course hidden from course list? 0) {echo ' checked="checked" ';} ?>/>
- - + +
diff --git a/directaccess.php b/directaccess.php index f4268ac4de..378f482fe4 100644 --- a/directaccess.php +++ b/directaccess.php @@ -185,7 +185,7 @@ $challenge = base64_encode(microtime() . rand(0,9999)); $_SESSION['challenge'] = $challenge; } - $placeinhead .= ''; + $placeinhead .= ''; if (isset($CFG['locale'])) { $placeinhead .= ''; } diff --git a/forms.php b/forms.php index 022f259760..134862b8b2 100644 --- a/forms.php +++ b/forms.php @@ -24,7 +24,7 @@ } else { $gb = ''; } -$placeinhead = ''; +$placeinhead = ''; if (isset($CFG['locale'])) { $placeinhead .= ''; } @@ -94,12 +94,18 @@ include($studentTOS); } break; + case "forcechgpwd": case "chgpwd": - if ($gb == '') { + if ($gb == '' && $_GET['action']!='forcechgpwd') { echo "\n"; } echo '
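Review bot: The context lines just above the changed `$placeinhead` assignment build `$challenge` from `base64_encode(microtime() . rand(0,9999))`, which is a low-entropy, predictable value for something kept as `$_SESSION['challenge']`; this is pre-existing rather than introduced here, but since the commit touches the block it is the right moment to switch to `$challenge = bin2hex(random_bytes(16));`. The branch that computes the challenge opens outside the hunk.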

Change Your Password

'; - echo "
\n"; + if ($_GET['action']=='forcechgpwd') { + echo '

'._('To ensure the security of your account, we are requiring a password change. Please select a new password.').'

'; + echo "\n"; + } else { + echo "\n"; + } echo "
\n"; echo "
\n"; echo "
\n"; diff --git a/includes/newusercommon.php b/includes/newusercommon.php index 3b1f334950..02a664d86b 100644 --- a/includes/newusercommon.php +++ b/includes/newusercommon.php @@ -28,10 +28,13 @@ function showNewUserValidation($formname, $extrarequired=array(), $requiredrules echo '" }, pw1: { - required: '.(isset($requiredrules['pw1'])?$requiredrules['pw1']:'true').','; + required: '.(isset($requiredrules['pw1'])?$requiredrules['pw1']:'true').','; if (isset($CFG['acct']['passwordFormat'])) { echo 'pattern: '.$CFG['acct']['passwordFormat'].','; } + if (in_array('oldpw', $extrarequired)) { + echo 'notEqual: "#oldpw",'; + } echo 'minlength: '.(isset($CFG['acct']['passwordMinlength'])?$CFG['acct']['passwordMinlength']:6).' }, pw2: { diff --git a/javascript/jquery.validate.min.js b/javascript/jquery.validate.min.js index 44102f91bd..ec1b71c95b 100644 --- a/javascript/jquery.validate.min.js +++ b/javascript/jquery.validate.min.js @@ -18,3 +18,6 @@ $.validator.addMethod( "pattern", function( value, element, param ) { } return isok; }, "Invalid format." ); +$.validator.addMethod("notEqual", function(value, element, param) { + return this.optional(element) || value != $(param).val(); +}, "This has to be different..."); diff --git a/migrations/137_add_forcepwreset.php b/migrations/137_add_forcepwreset.php new file mode 100644 index 0000000000..a13353050a --- /dev/null +++ b/migrations/137_add_forcepwreset.php @@ -0,0 +1,18 @@ +beginTransaction(); + + $query = "ALTER TABLE `imas_users` ADD `forcepwreset` TINYINT(1) UNSIGNED NOT NULL DEFAULT '0'"; + $res = $DBH->query($query); + if ($res===false) { + echo "
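Review bot: The new `notEqual: "#oldpw"` rule in showNewUserValidation, together with the `notEqual` method added to javascript/jquery.validate.min.js, enforces "new password differs from old" only in the browser; nothing in the actions.php hunk that performs the UPDATE repeats that comparison, so the rule is advisory unless the server also checks it. If it matters, add a guard such as `if ($_POST['pw1'] === $_POST['oldpw']) { echo "Password change failed. Try Again\n"; exit; }` before the UPDATE, and use `in_array('oldpw', $extrarequired, true)` for a strict lookup here. The validator method compares with `!=`; `!==` avoids type coercion on the two string values. showNewUserValidation's body continues outside the hunk.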

Query failed: ($query) : " . $DBH->errorInfo() . "

"; + $DBH->rollBack(); + return false; + } + +$DBH->commit(); + +echo "

✓ Added forcepwreset field to imas_users

"; + +return true; diff --git a/util/batchcreateinstr.php b/util/batchcreateinstr.php index 1d7cff6598..063e5874aa 100644 --- a/util/batchcreateinstr.php +++ b/util/batchcreateinstr.php @@ -57,7 +57,7 @@ $hashpw = md5($data[1]); } echo "Importing ".Sanitize::encodeStringForDisplay($data[0])."
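Review bot: `$DBH->errorInfo()` returns an array, so the failure message in the new migration concatenates to the literal text "Array" (plus an array-to-string notice) and hides the real error; use `implode(' ', $DBH->errorInfo())` or `$DBH->errorInfo()[2]`. Also, `ALTER TABLE` is DDL and on MySQL triggers an implicit commit, so the `beginTransaction()` / `rollBack()` pair cannot make the column addition atomic — either drop the wrapper or add a comment that it does not protect the DDL. The file's opening tag appears to have been lost in extraction, so the first line of the hunk cannot be reviewed.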
"; - $query = 'INSERT INTO imas_users (SID,password,FirstName,LastName,rights,email,groupid,homelayout) VALUES (:SID, :password, :FirstName, :LastName, :rights, :email, :groupid, :homelayout)'; + $query = 'INSERT INTO imas_users (SID,password,FirstName,LastName,rights,email,groupid,homelayout,forcepwreset) VALUES (:SID, :password, :FirstName, :LastName, :rights, :email, :groupid, :homelayout, 1)'; $stm = $DBH->prepare($query); $stm->execute(array(':SID'=>$data[0], ':password'=>$hashpw, ':FirstName'=>$data[2], ':LastName'=>$data[3], ':rights'=>40, ':email'=>$data[4], ':groupid'=>$newusergroupid, ':homelayout'=>$homelayout)); @@ -218,7 +218,7 @@ echo ''; echo '

This page lets you create instructor accounts from a CSV, and copy courses for them if desired

'; echo '

Column Format:

'; if ($myrights == 100 || ($myspecialrights&32)==32) { diff --git a/validate.php b/validate.php index ec987db140..dc82951faf 100644 --- a/validate.php +++ b/validate.php @@ -277,7 +277,6 @@ $stm->execute(array(':lastaccess'=>$now, ':id'=>$userid)); } - if (!empty($_SERVER['QUERY_STRING'])) { $querys = '?' . Sanitize::fullQueryString($_SERVER['QUERY_STRING']) . (isset($addtoquerystring) ? '&' . Sanitize::fullQueryString($addtoquerystring) : ''); } else { @@ -326,7 +325,7 @@ //$username = $_COOKIE['username']; $query = "SELECT SID,rights,groupid,LastName,FirstName,deflib"; if (strpos(basename($_SERVER['PHP_SELF']),'upgrade.php')===false) { - $query .= ',listperpage,hasuserimg,theme,specialrights,FCMtoken'; + $query .= ',listperpage,hasuserimg,theme,specialrights,FCMtoken,forcepwreset'; } //DB $query .= " FROM imas_users WHERE id='$userid'"; //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); @@ -359,6 +358,11 @@ if (isset($sessiondata['userprefs']['usertheme']) && strcmp($sessiondata['userprefs']['usertheme'],'0')!=0) { $coursetheme = $sessiondata['userprefs']['usertheme']; } + + if (!empty($line['forcepwreset']) && (empty($_GET['action']) || $_GET['action']!='forcechgpwd') && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltirole']!='learner')) { + header('Location: ' . $GLOBALS['basesiteurl'] . '/forms.php?action=forcechgpwd'); + exit; + } $basephysicaldir = rtrim(dirname(__FILE__), '/\\'); if ($myrights==100 && (isset($_GET['debug']) || isset($sessiondata['debugmode']))) {
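Review bot: The forced-reset gate in the added block exempts a request only by `$_GET['action']`, so any script reached with `action=forcechgpwd` in its query string skips the redirect, not just forms.php; the check should also be tied to the script name, reusing the `basename($_SERVER['PHP_SELF'])` test already used in the hunk above for `upgrade.php`. For example `$selfscript = basename($_SERVER['PHP_SELF']);` and then `(!in_array($selfscript, array('forms.php', 'actions.php'), true) || empty($_GET['action']) || $_GET['action'] !== 'forcechgpwd')` in place of the action-only clause, keeping actions.php exempt so the password POST itself is not redirected. The LTI clause reads `$sessiondata['ltirole']` whenever `ltiitemtype` is set; `empty($sessiondata['ltirole'])`-style guards would avoid a notice if the role is missing. The surrounding code that sets `$line` and `$sessiondata` is outside the hunk.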