Since version 5.6.6 MySQL has introduced the capability to force an user to change their password.
You can archive that by issue ALTER USER PASSWORD EXPIRE statement.
ALTER USER 'marcelo'@'localhost' PASSWORD EXPIRE;
Next time marcelo tries to login from localhost it will block all statements rather then SET PASSWORD;
mysql> \s ERROR 1820 (HY000): You must SET PASSWORD before executing this statement
To remove this block, just issue an :
SET PASSWORD = PASSWORD('pwd'); #Or use the hash received from SELECT PASSWORD('pwd'); SET PASSWORD = '*975B2CD4FF9AE554FE8AD33168FBFC326D2021DD';
But be careful, if you expire the password for an account, you won’t be able to login with any client version before 5.6.10(GA):
ERROR 1862 (HY000): Your password has expired. To log in you must change it using a client that supports expired passwords.
As Peter Zaitsev wrote on his post in some rpm installation, MySQL install the root user with a temporary password and force you to change it in the next login.