[mehrdada]

It does prevent simple rainbow attacks, but it does not prevent a simple bruteforce of the common passwords. It can increase the cost a bit, but still in the realm of feasible.

I am mainly trying to warn against the false sense of security. Salting does not magically make weak passwords secure. It makes certain types of attacks harder, but a bad password is still bad.

[cm2187]

That being said the problem is less that we are not asking users to provide strong enough passwords. It is that the industry seems to be completely incapable of protecting their users data. This race to the least crackable hashing algorithm is only adding more lipstick on the pig.

Having seen a major leak pretty much every week if not every day the past 3 years, I am now of the opinion that I should provide zero personal information to anyone. Disposable email addresses, fake names and address will now be my norm.