diff --git a/dav_auth/tests/test_views.py b/dav_auth/tests/test_views.py
index 5064226..c1f069b 100644
--- a/dav_auth/tests/test_views.py
+++ b/dav_auth/tests/test_views.py
@@ -283,11 +283,28 @@ class ViewsTestCase(TestCase):
     def test_new_password_length(self):
         location = self.recreate_password_url
 
-        default_password_length = 32
+        expected_password_length = 32
 
         response = self.client.post(location, {'username': self.user.username})
         new_password = response.context['password']
-        self.assertEqual(len(new_password), default_password_length)
+        self.assertEqual(len(new_password), expected_password_length)
+
+        expected_password_length = 12
+        self.app_settings.auto_password_length = expected_password_length
+
+        response = self.client.post(location, {'username': self.user.username})
+        new_password = response.context['password']
+        self.assertEqual(len(new_password), expected_password_length)
+
+    def test_new_password_chars(self):
+        location = self.recreate_password_url
+
+        password_chars = 'xYz0'
+        self.app_settings.auto_password_characters = password_chars
+
+        response = self.client.post(location, {'username': self.user.username})
+        new_password = response.context['password']
+        self.assertTrue(all(c in password_chars for c in new_password))
 
     def test_new_password_is_valid(self):
         location = self.recreate_password_url
diff --git a/dav_auth/views.py b/dav_auth/views.py
index 2d6c3d6..0c78f23 100644
--- a/dav_auth/views.py
+++ b/dav_auth/views.py
@@ -79,14 +79,13 @@ class CreateAndSendPasswordView(generic.FormView):
     form_class = forms.CreateAndSendPasswordForm
     template_name = 'dav_auth/forms/recreate_password.html'
     success_url = reverse_lazy('dav_auth:login')
-    password_length = app_config.settings.auto_password_length
-    password_chars = app_config.settings.auto_password_characters
 
-    def _create_new_password(self, length=None, characters=None):
+    @staticmethod
+    def _create_new_password(length=None, characters=None):
         if length is None:
-            length = self.password_length
+            length = app_config.settings.auto_password_length
         if characters is None:
-            characters = self.password_chars
+            characters = app_config.settings.auto_password_characters
         return ''.join(secrets.choice(characters) for i in range(length))
 
     def form_valid(self, form):