In the event that the site owner needs the users to change their password for some reason, it would be nice for MediaWiki to have the concept of password expiration.
Typically, I've seen this implemented that a date attribute can be stored on the User, and then a configurable number of days before or after that date, the user gets a "soft" password reset on login-- they are asked to change their password, but they are still logged in and can skip the process for now. After the "soft" phase, the user gets a "hard" reset, and cannot login without changing their password.
After the user resets their password, we could probably have a flag to automatically set the next expiration date, for users that need to comply with password-reset schedules.
The WMF currently has a hack in place on their sites to do a "hard" reset for a set of users, so having this feature in core would decrease our tech-debt, as well as providing a better product for other users of MediaWiki.