When creating new users an admin must currently also populate the password of these users. A more secure approach would be to provision users without a password (but populate database with randomly generated strong password) and send an email to force users to change their password immediately upon user creation.
Thank you for submitting this feedback!