If I understand you I think you are not understanding the feature.

"Setting this option to yes requires the user to reset their password the next time they log into the site."

False, but for example; you change the password for an user into a simple one because they forgot. You check the "require password"-option and click save. The option is being reset and set to off while you requested it to be on. If you click "save and close" it'll ignored and the user will be user the easy password.

yes. this is a known problem atm. You can not set the PW reset together with a new pw. So you first need to set the new PW and than edit the user again to set the PR reset.

ah i understand now

here is the last PR tried to fix this issue: #16804 maybe someone else have an good idea how to fix this and not break the other logic michael points out there.

How about resetting the flag only if the User ID is the owner?

Can you please explain a bit more what you want us to implement?

Make the following an if statement where only execute it when the logged in ID is the same as the user ID of the account.

$array['requireReset'] = 0;

In other words, only the owner of the account can reset this flag. Any changes done by the Super Admin on the backend will not affect this flag.

My point in #16804 (comment) still stands. It doesn't really matter WHO changes the password, the system only cares that the password is changed at a point after that flag is set. And without tightly coupling JUser to request data, or moving the code to the com_users MVC (which destroys its usability if you're using some extension which acts as a replacement for com_users), there really isn't a good solution to the scenario of "as an administrator I change an account's password and mark their account as requiring a password reset".

Got it. Can this be closed then as expected behavior?

Closing per above.