VSys allows your users to change their own passwords once they're logged in. Password self-update is enabled by default and users can change their password from anywhere in the program. If you want to turn off this option, from the Administrator Tools panel in the Security Options area, choose Disallow user self-changing of passwords.
In the top navigation bar, VSys always shows who's logged in:
Clicking on the Change password link requires that they re-authenticate with their current password, then enter a new one, in duplicate, which conforms to the current password rules.
When the user logs in, if their password is expired, they'll be prompted and required to update it in order to continue.