When passwords are required, users should be allowed to choose their own passwords and to change their passwords as needed.
Additional Information:
Where data protection is critical, user selected passwords should be tested against a list of common passwords (for example, "me," car types, names spelled backwards "nhoj," or birth dates). A password chosen by a user will generally be easier for that individual to remember. Security is enhanced if users are readily able to change their passwords, e.g., a user may suspect that a password has been disclosed, and thus may wish to change it.