Letting the system generate a random 10 character password of characters, numbers, and special characters is generally much more secure than letting the user choose their own password, but its a large inconvenience to the user. I generally let them create their own password according to a set of rules. "Your password must be more than 5 characters, and it must contain a number." Or something similar to that.
|