Welcome email is not quite correct

The new user welcome email isn't quite correct. There is a temporary password sent, but user is never prompted to change it.

Some thoughts on how to fix:

1. require users to change their password upon first login. Or...

2. don't include a temporary password and instead require users to go through reset password flow. Con is that this may be an extra step for users. Or...