I guess that the current mandatory password change is partly for getting all players away from their assumed standard password. The change will unlink GW2 accounts from all other accounts and websites.
The problem I see, are the new players. If there password is not on the blacklist, they might reuse a password that is new for Anet but common for the new player. In order to give them the same security level as all the old players are getting now, there will have to be a mandatory password change for new players down the road as well.
There are several options:
I would opt for the first option, because it may cause less revolutionary feelings in some players while giving easy security advantages.
The most secure way would be the last option.
Not affiliated with ArenaNet or NCSOFT. No support is provided.
All assets, page layout, visual style belong to ArenaNet and are used solely to replicate the original design and preserve the original look and feel.
Contact /u/e-scrape-artist on reddit if you encounter a bug.