Generating a password for the user instead of letting them pick their own is annoying, but fine. I've worked on extremely secure networks that use the same approach Storing in plaintext, though, is extremely questionable. It's not up to you to place a value on your users account