That's better for the _next_ time your site is breached and you newScheme hashes get exposed.
Doesn't help if $attacker has a list of breached oldScheme(password) hashes, and can crack useful numbers of passwords from you old weak oldScheme hash. They can still log into migrated accounts if they can reverse oldScheme into the characters of password.
If you're preemptively upgrading your password hashing aglo with the assumption that you have not (yet) been breached, that works (if your assumption is good). Once the oldScheme hashes are out there though, it's too late.
Doesn't help if $attacker has a list of breached oldScheme(password) hashes, and can crack useful numbers of passwords from you old weak oldScheme hash. They can still log into migrated accounts if they can reverse oldScheme into the characters of password.
If you're preemptively upgrading your password hashing aglo with the assumption that you have not (yet) been breached, that works (if your assumption is good). Once the oldScheme hashes are out there though, it's too late.