alekz explains how to create a password policy that uses the Generate Password token, but excludes some characters or numbers that could confuse users (where they might enter 1 instead of l, for example.) Very nifty!
If you are just getting started with IDM, there are some common pitfalls. It would be nice if someone just pointed them out to help you avoid them. This is not the sort of thing that goes in the docs, so here is my attempt.