Bug #105990 (closed)
Backend editors automatically copy passwords
Description
When a backend editor copies a backend user record, the user's password is automatically copied as well.
This could lead to large numbers of frontend users having the same initial password.
I would suggest that the password is cleared or a random one assigned and that password fields in general are not copyable (just like unique fields will be altered on copy paste).
Updated by Torben Hansen 5 months ago
I do not agree on clearing or changing the password to a random value on copy, because this is unexpected behavior for a copy-process and there may be valid use cases, where also password hashes are expected to be copied from one site to another.
Updated by André Buchmann 5 months ago
I agree with Torben on this. A copy is a copy.
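However, on project level this could be handled with some datahandler hook, which generates a new password.
I've just done something similar by setting the password field to "passthrough" and generating a random password for new users:
```php
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\CMS\Core\DataHandling\DataHandler;
use TYPO3\CMS\Core\Exception\InvalidPasswordRulesException;
use TYPO3\CMS\Core\Utility\GeneralUtility;

// DataHandler hook class (the class name is illustrative, it is not given in the comment)
final class FeUserPasswordHook
{
    public function processDatamap_postProcessFieldArray(string $status, string $table, $id, array &$fieldArray, DataHandler $dataHandler): void
    {
        if ($table !== 'fe_users') {
            return;
        }
        if ($status === 'new') { // only when the record is being created
            $random = GeneralUtility::makeInstance(Random::class);
            try {
                $fieldArray['password'] = $random->generateRandomPassword(['length' => 32, 'specialCharacters' => true]);
            } catch (InvalidPasswordRulesException $e) {
                // Rules were rejected: the password field is left as submitted
            }
        }
    }
}
```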
Background: I don't want the editor to send the feuser password to the user. They should use the pw-recovery to set a new password. I might add a "send welcome mail" button to the backend to trigger a notification to the user to set a new password himself.
Updated by Georg Ringer 2 months ago
- Status changed from New to Rejected
Hey lina,
I am closing this issue as a copy should be a copy. Feel free to create an extension which hooks into the datahandler to modify the password + provide a flash message.
My use case in local dev installations: I have the same password for all users because it is easier to test, and if I copy a test editor user I really expect that the password is the same.
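The extension suggested in the closing comment could look like the following. This is an added example, not code from this issue or from TYPO3 core: it replaces the copied password hash of an `fe_users` record with the hash of a fresh random password and queues a flash message for the editor. The namespace, class name and message texts are hypothetical, and it assumes a TYPO3 version that provides `Random::generateRandomPassword()` (as used in the snippet above) and `ContextualFeedbackSeverity`.

```php
<?php
declare(strict_types=1);

namespace Vendor\PasswordOnCopy\Hooks; // hypothetical extension namespace

use TYPO3\CMS\Core\Crypto\PasswordHashing\PasswordHashFactory;
use TYPO3\CMS\Core\Crypto\Random;
use TYPO3\CMS\Core\Database\ConnectionPool;
use TYPO3\CMS\Core\DataHandling\DataHandler;
use TYPO3\CMS\Core\Messaging\FlashMessage;
use TYPO3\CMS\Core\Messaging\FlashMessageService;
use TYPO3\CMS\Core\Type\ContextualFeedbackSeverity;
use TYPO3\CMS\Core\Utility\GeneralUtility;

// Register in ext_localconf.php:
// $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tcemain.php']['processCmdmapClass'][]
//     = \Vendor\PasswordOnCopy\Hooks\ResetPasswordOnCopy::class;
final class ResetPasswordOnCopy
{
    public function processCmdmap_postProcess(string $command, string $table, $id, $value, DataHandler $dataHandler, $pasteUpdate, $pasteDatamap): void
    {
        if ($command !== 'copy' || $table !== 'fe_users') {
            return;
        }
        // DataHandler records "original uid => uid of the copy" per table
        $newUid = (int)($dataHandler->copyMappingArray[$table][$id] ?? 0);
        if ($newUid === 0) {
            return; // the copy was not created (e.g. missing permissions)
        }
        $plain = GeneralUtility::makeInstance(Random::class)
            ->generateRandomPassword(['length' => 32, 'specialCharacters' => true]);
        // This is a direct database write that bypasses TCA evaluation,
        // so the value has to be hashed here before it is stored.
        $hash = GeneralUtility::makeInstance(PasswordHashFactory::class)
            ->getDefaultHashInstance('FE')
            ->getHashedPassword($plain);
        GeneralUtility::makeInstance(ConnectionPool::class)
            ->getConnectionForTable($table)
            ->update($table, ['password' => $hash], ['uid' => $newUid]);
        // The plaintext is discarded: the user sets a password via recovery.
        $message = GeneralUtility::makeInstance(
            FlashMessage::class,
            'The copied frontend user received a new random password.',
            'Password not copied',
            ContextualFeedbackSeverity::INFO,
            true
        );
        GeneralUtility::makeInstance(FlashMessageService::class)
            ->getMessageQueueByIdentifier()
            ->addMessage($message);
    }
}
```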