use 1 and 0 as the values for the firstLogin column.
set the default value to 0.
you only need to one session named firstLogin, this session will be set to either 0 or 1 based on the value stored in the firstLogin column.
if the session firstLogin is = to 0, it is the first time they are loging in, if = to 1, they have changed the password.
create the firsttimelogin rule as:
allow if
For the value, click the lightning bolt and select the firstLogin session
set the critiria to "="
set the comparison to "0"