I don't mean to discount your experience, and I'm guessing the social engineering opportunities are unlimited no matter the protections, but the screenshot I provided shows that by default it uses words, not password-style, generation so your childhood best friend would be "couch tulip wheel" and not cafe8675309$