You can force users to have password based on security requirements.
To have automatic workflow of
Disable user automatically if from last login passed X number of days and
Force user logout if last login was X hours ago please setup a login monitoring cronjob.
Should be run every hour
php cron.php -s site_admin -c cron/login_monitoring