Thanks for sharing this plugin with the community. It sounds like a very useful idea. I was testing the plugin.
It seems that if I locked a user's access to expire their temporary account, they would still be able to use password reset form to regenerate a new password and login. To permenantly delete a user's access their temporary login needs to be deleted as well.
I think it would be safer if an expired account is not allowed to reset password.
https://wordpress.org/plugins/temporary-login-without-password/