duplicate, sorry... I suggest everyone's password be randomized. Users can then have their new passwords emailed to themselves. This will be much quicker that waiting for everyone getting the message to reset their own passwords.