I've noticed that players can literally sit there and type in every single word, number, capital, and symbol combination in the world, in order to guess other's passwords. Not only can they do this, there are multiple programs that can also do this in less than 60 seconds.
I think Randomize should create a password spam protector; meaning after 5 (or more) failed attempts at typing in a user's password, they're IP should be banned from trying again—on that particular username—for a certain time limit, or even 24 hours..
Also, you can just change the current password A.S.A.P, so if for example, someone leaves their computer still logged on, their friend could come along and change their password without even knowing the original password itself.
Yes, it should probably be an advanced system that has sercurity questions and confirmations. Many websites do have this simple system in place that is much harder to hack. If the passwords were like MSN, Yahoo, eBay e.t.c then less (hopefully none) accounts will be hacked.
Nice one randomize and I hope we come advanced and more secure in the near future :)