Create a page in your content tree with a custom change password webpart on it. Then simply redirect them to that page and make sure it's not secured or restricted. You will have to create your own custom webpart because you can't simply change a passwword without knowing the user account your changing the password for. So I'd suggest passing a hash or some GUID from the users account to change the password for to your page with the custom webpart on in your custom event.