Indeed. You are probably not a target worth the time or effort.
Incidentally, salting only protects against dictionary attacks (not brute-forcing) and SHA-256 is generally hardware accelerated (unlike md5, so the crunching will potentially be faster in your case). Also as I would have a copy of your vault application, I could potentially edit the authentication part to remove any additional, non-functional, delays the vault program might have added.
But again, it depends on whether or not you are worth the effort.
The best way to do this would be to use a two token authentication (something you know + something you have), but its going to be a while to get a non-hacky global framework in place that keeps everyone happy, does not break country specific-patents and its not subject to export regulations. And it would have to be ubiquitous, and easy to carry and cheap enough for companies to afford to give out.