diff --git a/init.go b/init.go
index 56b10ea..26ecae5 100644
--- a/init.go
+++ b/init.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"crypto/rand"
 	"fmt"
 	"os"
 	"strconv"
@@ -29,7 +30,6 @@ func init() {
 	}
 
 	postgresURI := os.Getenv("PN_PIKMIN3_POSTGRES_URI")
-	kerberosPassword := os.Getenv("PN_PIKMIN3_KERBEROS_PASSWORD")
 	authenticationServerPort := os.Getenv("PN_PIKMIN3_AUTHENTICATION_SERVER_PORT")
 	secureServerHost := os.Getenv("PN_PIKMIN3_SECURE_SERVER_HOST")
 	secureServerPort := os.Getenv("PN_PIKMIN3_SECURE_SERVER_PORT")
@@ -42,12 +42,15 @@ func init() {
 		os.Exit(0)
 	}
 
-	if strings.TrimSpace(kerberosPassword) == "" {
-		globals.Logger.Warningf("PN_PIKMIN3_KERBEROS_PASSWORD environment variable not set. Using default password: %q", globals.KerberosPassword)
-	} else {
-		globals.KerberosPassword = kerberosPassword
+	kerberosPassword := make([]byte, 0x10)
+	_, err = rand.Read(kerberosPassword)
+	if err != nil {
+		globals.Logger.Error("Error generating Kerberos password")
+		os.Exit(0)
 	}
 
+	globals.KerberosPassword = string(kerberosPassword)
+
 	globals.AuthenticationServerAccount = nex.NewAccount(types.NewPID(1), "Quazal Authentication", globals.KerberosPassword)
 	globals.SecureServerAccount = nex.NewAccount(types.NewPID(2), "Quazal Rendez-Vous", globals.KerberosPassword)