When an administrator resets a users password manually the system sets this password to expire 'yesterday' this means that the user is forced to change the password at the point of login.
Under normal circumstances this is fine, however, when the user is logging into SB3 directly (as is the case more and more lately) the 'existing user' option on SB3 does not know how to deal with an expired password and just tells the user/candidate that the password has expired. (well, actually it says the password is wrong!)
A solution to this is to remove the password expiry date when resetting credentials but this takes away a layer of security in a way because the account password has not been decided by the user.
We are planning on developing this in Q1 next year.