Sorry, I was referring to AD and account creation.
In Service Desk we set the initial password to a standard password, not blank via a trigger. In my case every user has a AD account so we don't use explicit log on (other than me for testing as users). I would change the password in Service Desk to something random before giving it to the user. You don't want them logging on as anyone else