Comment Only addresses one side of the equation... (Score 1) 549
If you care about password security you also have to think about the server-side. And there we are doing things that are also just as bad as passwords are often stored using a single encryption algorithm if they are encrypted at all; and often that algorithm is a simple MD5 or SHA1 hash of the password.
In addressing the server-side, we must also make things more variable by introducing settings that the server administrators set. The password is split according to the rules with each part passed through different algorithms, and the results merged using rules as well. One part of the password might pass through scrrypt, while another may pass through SHA512, and only portions used to get what is stored on disk.