I am learning more about security in web design so I can build more robust sites. As I see it password security is one of the main concerns, if a database is hacked then chances are passwords will be on the list of the attackers. I understand that you should not store 'plain text' passwords and instead hash/salt; storing that instead. But, on a site I have been working on, we have 'site only' passwords, ie the passwords are generated automatically by the website for the user site access. These are for admin and the site's course access and consist of the website name followed by numerous random characters. So the passwords even if accessed in plain text format would not be of any use, because the passwords are unique to that site only. As I understand normally the hackers are looking for 'common' passwords, which can be used to access other sites.
This system was put in place by an experienced programmer. But I am wondering if the general consensus is that using this method of unique site passwords is a much safer option and if so then why do most sites generally request user set passwords in the first place; which are more vulnerable (even though they are perhaps easier to remember)?