Allows forcing pass change with new provider, updates conventions to not allow editing of question/answer - unfortunately cannot make the other ones readonly because noEdit data type is the wrong clr type.

src/Umbraco.Core/Constants-Conventions.cs

@@ -228,7 +228,7 @@ namespace Umbraco.Core
 		                    },
 		                    {
 		                        PasswordAnswer,
-		                        new PropertyType(new Guid(PropertyEditors.Textbox), DataTypeDatabaseType.Nvarchar)
+		                        new PropertyType(new Guid(PropertyEditors.NoEdit), DataTypeDatabaseType.Nvarchar)
 		                            {
 		                                Alias = PasswordAnswer,
 		                                Name = PasswordAnswerLabel
@@ -236,7 +236,7 @@ namespace Umbraco.Core
 		                    },
 		                    {
 		                        PasswordQuestion,
-		                        new PropertyType(new Guid(PropertyEditors.Textbox), DataTypeDatabaseType.Nvarchar)
+		                        new PropertyType(new Guid(PropertyEditors.NoEdit), DataTypeDatabaseType.Nvarchar)
 		                            {
 		                                Alias = PasswordQuestion,
 		                                Name = PasswordQuestionLabel

src/Umbraco.Web/Security/Providers/MembersMembershipProvider.cs

@@ -36,6 +36,14 @@ namespace Umbraco.Web.Security.Providers
             get { return "MembersMembershipProvider"; }
         }
 
+        /// <summary>
+        /// For backwards compatibility, this provider supports this option
+        /// </summary>
+        public override bool AllowManuallyChangingPassword
+        {
+            get { return true; }
+        }
+
         protected override MembershipUser ConvertToMembershipUser(IMember entity)
         {
             return entity.AsConcreteMembershipUser(Name);