Well, I would dispute those calculations a bit, but I accept that good long per-account salting forces each password to be cracked individually. I assume that the salt is compromised along with the password (or they won't be cracked at all).
Even randomly selected passwords from all alphanumeric characters only gives us about 6 bits of entropy per character. Most passwords are shorter than 10 characters, the average is more like 7. This only gives us 42 bits of entropy per password, assuming complete random selection from that space.
But - users don't randomly select from that space, and modern password crackers don't simply try all possible letter permutations, although they can successfully do this for passwords which are less than 7 characters. They exploit the patterns and techniques which users use to select passwords, using rules engines, password dictionaries, markov chains and all sorts of clever magic.
Run this on GPUs using hashcat, which for SHA256 can check about 3 billion hashes a second. A small cluster of 4 of these machines can then easily check over 10 billion hashes a second. You can now rent Amazon EC2 instances with GPUs. In a minute you can check 600 billion hashes, admittedly for a single password at a time.
Salted hashes are now crackable even for quite reasonable passwords, if the hash algorithm can be run on modern GPUs, and assuming the attacker has the salt as well.