Biggest problem you have is the vulnerability to substitution and various forms of phishing attacks. Picking good passwords using pseudo-random number generators is not easy. The target user population will not have a clue about these issues. As the adage goes, a false perception of security is worse than no security at all.