Thanks for your suggestions.
For changing password in profile section would be an extra option for entering Current password then user be able to change the password after entering current password.
I am still considering it a spare option. User can't edit the Profile and so can't edit the Password if s/he's not logged in. But if s/he is logged in, it already means s/he knows the password.
I know there could be a case, when the cookie is being stolen, and somebody could be "logged in" even without knowing the old password; or opening the session on the public computer which was left. Then someone may change the password, and the user gets confused. But if such thing happens, that's a question of a private habit. Just do not leave opened sessions on the public computers :) do not create too simple passwords. That's not truly about the software's security.
If we would need to introduce such thing in miniBB, then it leads to even more complicated registration/profile form. But this is a simple software. Most probably, such option then would need a special section, where only the password may be changed, but then it's not becoming simple to the end user.
Why did you have such a suggestion? Was there a serious case about it on your forum?
If there would be a way that user could choose a mix of uppercase and lowercase and letters and also numbers + symbols. that would be more strong password.
What kind of symbols are being meant?Here
I have quite an old message about this subject, but which still takes place.