[cosecantt]

I do not agree that they store a password in plain text. You cannot say for sure. What if they hash each character and store each with its position in the db?

[hartator]

That wouldnbe still pain text actually, because it's easy to have a table for hash -> char. Chararcters being limited by their numbers.

[cosecantt]

Fine. Refer to my detailed answer below that shows longer hashing difficult to bruteforce.

[hartator]

I don't find your other answer. But, basically if you hash one character, there is only ~ 255 possibities (a-zA-Z0-9 plus some special chars). So, a 10 characters password is only ~ 2,500 hash to compute and that's nothing. Might as well store it in plaintext, because it in fact is.