As far as I remeber, XenForo also generates a new Password if you have forgotten your own Password.
What system is XF using for generating Passwords ?
What about if XenForo would automatically generate a Password for a new user during the Sign-up-process, instead of the user choosing his own Password ?
Would this be more secure ?
Hmmm... probably not, since the Password is being sent to the user via Email....