it doesn't matter if standards exist. the "right way" to do stuff is "confusing" and "hard to use" for people who are not technology people.
"What? I have to check my email for a password reset link? That's confusing?! Our users will not be able to use that! My temporary password is xpJ38@#K1o1n$5@wlo%!pq? This is horrible? My cousin does UX and says this lowers our SEO! Just have it email their password to them! It'll confuse people!"
Amalgamation of various reactions I've heard over the years when implementing standard process for password creation/resets.
You are correct in this universe. But in the universe the grand-parent imagines, none of this is confusing, because EACH AND EVERY WEBSITE on the planet does this, so users (and even managers) have seen this many times already.
Jakob's Law of the Internet User Experience (2000):
Users spend most of their time on other sites[0].
[Granted, this may not apply to Google/Facebook, it's from an earlier, more civilized, I mean decentralized age.]
Also, the standard would use 7-word long pass-phrases [1] which are much more readable, memorable and secure than the abomination above.
"What? I have to check my email for a password reset link? That's confusing?! Our users will not be able to use that! My temporary password is xpJ38@#K1o1n$5@wlo%!pq? This is horrible? My cousin does UX and says this lowers our SEO! Just have it email their password to them! It'll confuse people!"
Amalgamation of various reactions I've heard over the years when implementing standard process for password creation/resets.