We favor a kind of middle ground, and have built a free tool to make it easy for you to do.
When users choose their own, approximately 15% will choose password from the top
10 most popular. These are things like "password" and "123456". The bad guys know
what those top ten passwords are, and they will be guessed. So letting users choose
their own doesn't work too well. At least, not as most adult sites do it. The way
banks do it is a little better - you can choose your own, but subject to certain rules,
so you're not allowed to have "password" as your password. Of course, many sites
are TOO restrictive in their rules -- 8-10 characters, must start with a letter, must not ...
Longer passwords are always better, so 8-10 characters is a dumb rule.
Assigning random passwords also has problems. Paying customers are often people
who are not technically sophisticated enough to find what the want for free, so
they have trouble even TYPING "lI1Kg`O0^}+", much less REMEMBERING it.
The middle ground we use is to assign passwords that are easy for most people to
type and can even be remembered, but are not easy for the bad guys to guess.
The passwords created by our free tool look like words and can be pronounced
like words, so they can be typed. An example would be "betorling". That's easier to
type than "J(dD?/gW", and certainly easier to remember. "betorling" isn't really a
word, though, so it's not in the bad guy's dictionary.
The free password generator can be found at:
https://bettercgi.com/strongbox/passgen/