You should make use of PASSWORD_VERIFY_FUNCTION.
login as sys.
create a profile with limit to custom function that uses a PASSWORD_VERIFY_FUNCTION.
assign this profile to the user.
once you assign this,
  the user cannot change the password by alter user
  or
  by executing sqlplus command password.
to break the restriction
you should login as sys and revoke the profile from user.

sys@mutation_mutation > show user
USER is "SYS"

sys@mutation_mutation > @restrict_password

Function created.

Profile created.

sys@mutation_mutation > create user sample identified by sample;

User created.

sys@mutation_mutation > alter user sample profile restrict_user;

User altered.

sys@mutation_mutation > grant connect,resource to sample;

Grant succeeded.

sys@mutation_mutation > connect sample/sample
Connected.
sys@mutation_mutation > show user
USER is "SAMPLE"
sys@mutation_mutation > password
Changing password for SAMPLE
Old password:
New password:
Retype new password:
ERROR:
ORA-28003: password verification for the specified password failed
ORA-20001: Restricted operation. Contact the Enterprise Services

Password unchanged

----------------------------------------------------------------------

--
-- this is code
--
sys@mutation_mutation > get restrict_password
  1  CREATE OR REPLACE FUNCTION disable_alter_password  (username VARCHAR2,
  2         password VARCHAR2, old_password VARCHAR2) RETURN boolean IS
  3  BEGIN
  4       raise_application_error(-20001, 'Restricted operation. Contact the Enterprise Services') ;
  5  END ;
  6  /
  7* CREATE  PROFILE restrict_user  LIMIT PASSWORD_VERIFY_FUNCTION disable_alter_password;
sys@mutation_mutation >

you have to create the profile and do all these as SYS only.
NOT AS ANY OTHER USER.
I have specified this in the first posting itself.
to break the restriction,
login as sys,
revoke the profile from the user.
change the password.
grant the profile back to the user( now the password is locked again).