If your app doesn’t have user registration and instead account managers have to create users manually there are a few ways to about password management. The following article from Tyler Jeffords is really helpful.
- Let the admin set a password for each user they add. (insecure)
- Randomly generate a password and send it in an email. (insecure)
- Solution: Randomly generate a password, then send a password reset email to the user.
The article covers sending a password reset email on a user account creation with a hashed password as well as handling tokens. At Laravel 5.3 there have been a few updates since then but the code still works.