This is nonsense. You can double hash passwords. That's the correct way:
plaintext: 1234
salt: xyz
salt+plaintext hash: opqr
you store on DB: xyz-opqr
when the user requests the login page, the server creates a new salt, stores it in the session (server side) and sends the two salts to the client (session one and DB one):
server extracts salt from DB: xyz
server creates a session salt: abc
client receives session salt: abc
client receives DB salt: xyz
user enters password: 1234
client hashes using DB salt: opqr
1st hash is: opqr
1st hash with salt is: xyz-opqr
client hashes using session salt: hijk
2nd hash is: hijk
client sends the twice hashed password to the server: hijk
Now the server hashes the DB password using the session salt (that was stored on the server side session, remember not to trust the info from the client), and the two should be the same, without the server needing to know the plaintext password.
This is basic auth and security stuff. Which means sony must have hired some second hand programmers to develop this whole system. Creepy indeed.