Make users set a password after registration
Currently, users use automatically generated passwords when they first log in. We can make them set a password by adding a redirecting link in their confirmation email, or by implementing a new controller altogether. See this and this for some ideas as well as this previous issue that tried to use the Devise Invitable gem.