diff --git a/core/src/Revolution/modUser.php b/core/src/Revolution/modUser.php
index 9cdee5042dd..06c3c2e48dd 100644
--- a/core/src/Revolution/modUser.php
+++ b/core/src/Revolution/modUser.php
@@ -898,25 +898,20 @@ public function removeLocks(array $options = [])
 public function generatePassword($length = null, array $options = [])
 {
 if ($length === null) {
- $length = $this->xpdo->getOption('password_generated_length', null, 10, true);
+ $length = $this->xpdo->getOption('password_generated_length', null, 10, true);
 }
 $passwordMinimumLength = $this->xpdo->getOption('password_min_length', null, 8, true);
 if ($length < $passwordMinimumLength) {
 $length = $passwordMinimumLength;
 }
- $options = array_merge([
- 'allowable_characters' => 'abcdefghjkmnpqrstuvxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789',
- 'srand_seed_multiplier' => 1000000,
- ], $options);
-
- $ps_len = strlen($options['allowable_characters']);
- srand((double)microtime() * $options['srand_seed_multiplier']);
- $pass = '';
- for ($i = 0; $i < $length; $i++) {
- $pass .= $options['allowable_characters'][mt_rand(0, $ps_len - 1)];
+
+ if ($options['alphabet']) {
+ $alphabet = array_merge(range('a', 'z'), range('A', 'Z'));
+ shuffle($alphabet);
+ return substr(implode($alphabet),0,$length);
 }
- return $pass;
+ return substr(bin2hex(random_bytes($length)),$length);
 }
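Review bot: The new `alphabet` branch still builds the password with `shuffle()`, which PHP documents as not cryptographically secure, and because it returns a prefix of a permutation the result never repeats a letter and is silently capped at 52 characters when `$length` is larger. `$options['alphabet']` is also read without an existence check, so the default `[]` raises an undefined-index notice (a warning on PHP 8) on every call. In the fallback, `substr(..., $length)` passes `$length` as the offset; it returns the right number of characters only because the hex string is exactly twice as long, and a hex-only password carries 4 bits per character, fewer than the 54-character set this commit removes. Callers that pass `allowable_characters` are now ignored without any signal. Drawing each character with `random_int()` from the configured set keeps that option and uses the CSPRNG on every path, as sketched below.

```php
        // … unchanged: $length defaulting and password_min_length clamp …
        $options = array_merge([
            'allowable_characters' => 'abcdefghjkmnpqrstuvxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789',
        ], $options);
        $chars = (string)$options['allowable_characters'];
        $maxIndex = strlen($chars) - 1;
        $pass = '';
        for ($i = 0; $i < $length; $i++) {
            // random_int() draws from the CSPRNG and is uniform over the range
            $pass .= $chars[random_int(0, $maxIndex)];
        }
        return $pass;
```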