You've missed my point entirely. "12345" is the fifth numeric password an attacker would try (after "1", "12", "123", and "1234"). It doesn't matter how securely you store it or how long each guess takes, if an attacker has a reasonably high chance of guessing it by a mere educated guess.
Sure, you could lock the account after X guesses - But then you've just given me a trivial way of locking out the legitimate account-holder as well - Arguably, a lot of kids just out to raise some hell rather than seriously wanting to compromise your accounts would prefer that (applied on as large a scale as possible) than actually guessing the right password. "Oh, look, we just locked the entire Microsoft staff out of their own network, ha-ha!"
Any Password, hashed in any number of many ways repeatedly, and yet each one with a unique Time Stamp embedded and invisible, should do the trick.
That accomplishes nothing more than slowing down any brute force attempts. It certainly doesn't somehow magically make one of the top few million passwords more secure. Or, looked at another way, let's say you use such a horrendously complex hash that each guess takes a whole second. You've just handed any potential attackers a trivial on/off switch to DOS'ing (no leading "D" required) your site, as your poor server farm tries to keep up with just a handful of bad login attempts per second.
Time Stamps supposedly assigned to certain Alpha Decay Chains stuck out like three sore thumbs upon later Analysis.
Would you care to provide a link on how timestamped audit trails have anything to do with brute-force password cracking? It sounds like you've mixed up two separate concepts here. Yes, you can make an RTPS virtually tamper-proof; that doesn't have much in common with proving my identity to Facebook from a previously untrusted computer.