Sure, and even if the passwords stay secure this is bad for users.
But I'm specifically reacting to "hashed passwords (the vast majority with bcrypt)". That's the sort of thing that's usually code for "except the ones which are horribly secured and will be compromised in a week".
But I'm specifically reacting to "hashed passwords (the vast majority with bcrypt)". That's the sort of thing that's usually code for "except the ones which are horribly secured and will be compromised in a week".