Introduction
In one of the consulting projects I'm working on a website that has user accounts (like most every non-trivial Web application). User accounts for this site can be created in one of two ways: by the user himself, in which case that user provides their email address and password; or by the user's boss, in which case the boss simply provides his employee's email address. The system then creates a random password for the employee and emails this information to said employee. Upon first logging in to the site, the employee must change the random password.