Would appreciate advise on best practices for setting up user accounts and passwords.
I have a web-based app running on a hosted Linux server, latest version Apache, PHP, SQL. SSL is used for this site.
It's necessary to allow some users of this app to setup accounts for other users. Here's how the process works today:
1) User 1 logs in, we will call this user Admin.
2) Admin creates a new user by entering form data which includes new user's name and email address. When Admin posts back to the server a random password is then created, encrypted (using hash/salt) and stored in SQL. The proper SQL-injection guards are in place.
3) An email is then sent to the new user giving them both a username and the random password.
4) When the new user logs in they are forced to change the password.
The Admin has to be trusted to have the correct email for the new user and be allowed to create new users on their own, that's not the issue. My concern is with the security of sending the username and password through email. But, I can't get my head around any other way to do this. If I change it so that a link is sent to the new user that info could be intercepted as easily as sending a username and password. The only verifiable data we have on the new user is their email.
What do best practices suggest?