Rule n1: don't roll your own security.
Rule n2: goto 1
You are overcomplicating your authentication system by oversimplifying security problems and the result is that you have solved nothing.
Security always seems very easy to solve and usually non-security engineers tends towards solutions like yours that doesn't provide extra security, they just add a few extra steps for a hacker to obtain you database and as a result you need to maintain extra databases, there are more error points... Do you remember that thing about "each extra system exponentiates complexity"?
You are overcomplicating your authentication system by oversimplifying security problems and the result is that you have solved nothing.
Security always seems very easy to solve and usually non-security engineers tends towards solutions like yours that doesn't provide extra security, they just add a few extra steps for a hacker to obtain you database and as a result you need to maintain extra databases, there are more error points... Do you remember that thing about "each extra system exponentiates complexity"?