peppogiappe that's a lot of different things. It's doable, but we can' do all the work for you.
Could you describe the use case ?
What about manually triggering a password reset for those users and optionally remove their current password so they are forced to follow the reset.
Regarding your original query you would need an additional forum attribute to let the frontend know it has to redirect, add javascript to trigger a client-side redirect on page load, either add a new password reset page and feature that doesn't use reset tokens, or create a password reset token, and maybe silence the email that goes with it, then redirect to the existing page with the token already filled. If you want to block the user until they change password, a logic similar to suspend/terms should be used. The FoF Terms extension might be a good example of something similar (can't interact with the forum until the TOS are accepted if there was an update).