Allow people to set their own passwords?
The keyword get-new-password
generates and sets a new password, which is sent back to the sender.
When people request a password through the web interface, should we also generate a password for them? Or should we provide them with a classical input field to enter their self-chosen password?
Technically it would be easier to generate a password. We could even re-use some code. But I guess people want to set their own passwords, and feel that receiving a generated password is less safe?
Please state your opinions.