diff --git a/app/controllers/user_admin_controller.rb b/app/controllers/user_admin_controller.rb
--- a/app/controllers/user_admin_controller.rb
+++ b/app/controllers/user_admin_controller.rb
@@ -8,7 +8,9 @@
   end
 
   # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
-  verify :method => :post, :only => [ :destroy, :create, :update ],
+  verify :method => :post, :only => [ :destroy, 
+                                      :create, :create_from_list, 
+                                      :update ],
          :redirect_to => { :action => :list }
 
   def list
@@ -47,19 +49,43 @@
 
   def create_from_list
     lines = params[:user_list]
+
+    note = []
+
     lines.split("\n").each do |line|
       items = line.chomp.split(',')
-      if items.length==4
-        user = User.new
-        user.login = items[0]
-        user.full_name = items[1]
-        user.alias = items[2]
-        user.password = items[3]
-        user.password_confirmation = items[3]
+      if items.length>=2
+        login = items[0]
+        full_name = items[1]
+
+        added_random_password = false
+        if items.length>=3
+          password = items[2]
+          user_alias = (items.length>=4) ? items[3] : login
+        else
+          password = random_password
+          user_alias = (items.length>=4) ? items[3] : login
+          added_random_password = true
+        end
+
+        user = User.new({:login => login,
+                          :full_name => full_name,
+                          :password => password,
+                          :password_confirmation => password,
+                          :alias => user_alias})
         user.activated = true
         user.save
+
+        if added_random_password
+          note << "'#{login}' (+)"
+        else
+          note << login
+        end
       end
     end
+    flash[:notice] = 'User(s) ' + note.join(', ') + 
+      ' were successfully created.  ' +
+      '( (+) - created with random passwords.)'   
     redirect_to :action => 'list'
   end
 
@@ -109,8 +135,31 @@
     import_from_file(params[:file])
   end
 
+  def random_all_passwords
+    users = User.find(:all)
+    @prefix = params[:prefix] || ''
+    @non_admin_users = User.find_non_admin_with_prefix(@prefix)
+    @changed = false
+    if request.request_method == :post
+      @non_admin_users.each do |user|
+        password = random_password
+        user.password = password
+        user.password_confirmation = password
+        user.save
+      end
+      @changed = true
+    end
+  end
+
   protected
 
+  def random_password(length=5)
+    chars = 'abcdefghijkmnopqrstuvwxyz23456789'
+    newpass = ""
+    length.times { newpass << chars[rand(chars.size-1)] }
+    return newpass
+  end
+
   def import_from_file(f)
     data_hash = YAML.load(f)
     @import_log = ""
diff --git a/app/models/user.rb b/app/models/user.rb
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,6 +113,11 @@
     password
   end
 
+  def self.find_non_admin_with_prefix(prefix='')
+    users = User.find(:all)
+    return users.find_all { |u| !(u.admin?) and u.login.index(prefix)==0 }
+  end
+
   protected
     def encrypt_new_password
       return if password.blank?
diff --git a/app/views/user_admin/list.rhtml b/app/views/user_admin/list.rhtml
--- a/app/views/user_admin/list.rhtml
+++ b/app/views/user_admin/list.rhtml
@@ -29,6 +29,7 @@
 <b>What else: </b>
 <%= link_to '[New user]', :action => 'new' %>
 <%= link_to '[New list of users]', :action => 'new_list' %>
+<%= link_to '[Random passwords]', :action => 'random_all_passwords' %>
 <%= link_to '[View active users]', :action => 'active' %>
 
 </div>
diff --git a/app/views/user_admin/new_list.rhtml b/app/views/user_admin/new_list.rhtml
--- a/app/views/user_admin/new_list.rhtml
+++ b/app/views/user_admin/new_list.rhtml
@@ -1,12 +1,8 @@
 <h1>Adding list of users</h1>
 
-<div class="usermenu">
-<%= link_to 'User admin', :action => 'list' %>
-<%= link_to 'Main', :controller => 'main', :action => 'list' %>
-</div>
-
 <% form_tag :action => 'create_from_list' do %>
 <%= submit_tag 'create users' %><br/>
-List of user information: user_id,name,alias,passwd<br/>
+List of user information in this format: <tt>user_id,name(,passwd(,alias))</tt><br/>
+Note that <tt>passwd</tt> and <tt>alias</tt> is optional.<br/>
 <%= text_area_tag 'user_list', nil, :rows => 50, :cols => 80 %>
 <% end %>
diff --git a/app/views/user_admin/random_all_passwords.html.haml b/app/views/user_admin/random_all_passwords.html.haml
new file mode 100644
--- /dev/null
+++ b/app/views/user_admin/random_all_passwords.html.haml
@@ -0,0 +1,39 @@
+%h1 Random user passwords
+
+-if @changed
+  %p 
+    %b Done!
+    Here's a new password list. 
+    Go back to
+    = (link_to '[user list]', :action => 'index') + '.'
+  %br/
+  %table
+    %tr
+      %th Login
+      %th Fullname
+      %th Password
+    -for u in @non_admin_users
+      %tr
+        %td= u.login
+        %td= u.full_name
+        %td
+          %tt= u.password
+
+-else
+  -if @prefix!=''
+    Current prefix:
+    = @prefix
+  -form_tag((url_for :action => 'random_all_passwords'), :method => 'get') do
+    Change prefix
+    =text_field_tag 'prefix'
+    =submit_tag 'Change'
+
+  This will change passwords of the following users.
+  %ul
+    -for u in @non_admin_users
+      %li= u.login
+
+  -form_tag((url_for :action => 'random_all_passwords'), :method => 'post') do
+    =hidden_field_tag 'prefix', @prefix
+    Are you sure?
+    =submit_tag 'Go ahead'