by venomsnake 4672 days ago
I gave the bcrypt example as an anti-pattern, if I didn't make myself clear.

Any password derivation scheme works brilliantly until you are the only one using it. The moment it becomes widespread and people begin to target it - it goes anywhere from significantly weaker to trivial to crack.

1 comments

The problem with that is that password derivation is entirely reasonable and encouraged. It's what PBKDF2 does (the "KD" stands for "Key Derivation"). Securing your passphrase with a few thousand rounds of bcrypt and salting with the domain is a great way to strengthen it, since you don't have to trust any shitty MD5 password storage mechanism the site has; the attacker has to brute-force bcrypt to be able to get your master passphrase.
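The scheme the reply describes, as an added example that is not part of the thread: a per-site password is derived from a master passphrase with the (normalized) domain as the salt, and the work factor of the KDF is what an attacker holding a site's weak hash has to pay per guess of the master. PBKDF2 from the Python standard library stands in for the bcrypt the comment mentions; the function names, the `site-password-v1` salt prefix, the iteration count and the candidate list are all constructed for this illustration.

```python
import base64
import hashlib
import hmac

# Work factor: every guess at the master passphrase costs one full PBKDF2 run.
# 200k iterations is a constructed value for this example, not a recommendation.
ITERATIONS = 200_000


def normalize_domain(domain: str) -> str:
    """Canonicalize the salt so 'Example.COM.' and 'example.com' derive the same password.

    Without this step a user would get a different password depending on how the
    domain was typed, which is a usability bug, not a security gain.
    """
    return domain.strip().rstrip(".").lower()


def derive_site_password(master: str, domain: str, length: int = 20,
                         iterations: int = ITERATIONS) -> str:
    """Derive a site-specific password from the master passphrase, salted with the domain."""
    # A fixed prefix keeps this derivation separate from any other use of the same master.
    salt = ("site-password-v1:" + normalize_domain(domain)).encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations, dklen=32)
    # URL-safe base64 yields printable characters most sites accept; trim to the requested length.
    return base64.urlsafe_b64encode(key).decode("ascii").rstrip("=")[:length]


def site_stores(password: str) -> str:
    """What a careless site might keep: an unsalted MD5 of whatever password we sent it."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def guesses_needed_to_recover_master(leaked_md5: str, domain: str, candidates,
                                     iterations: int = ITERATIONS):
    """Defender's cost model for a leak of the site's MD5 table.

    Returns how many candidate master passphrases must be tried before the leaked
    MD5 matches, or None if no candidate matches. Each trial includes a full PBKDF2
    evaluation, so the KDF work factor, not MD5, bounds the attacker's rate.
    """
    for n, candidate in enumerate(candidates, start=1):
        derived = derive_site_password(candidate, domain, iterations=iterations)
        if hmac.compare_digest(site_stores(derived), leaked_md5):
            return n
    return None


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample passphrase
    for d in ("example.com", "Example.COM.", "example.org"):
        print(f"{d:14s} -> {derive_site_password(master, d)}")
    leaked = site_stores(derive_site_password(master, "example.com"))
    print("guesses:", guesses_needed_to_recover_master(
        leaked, "example.com", ["password", "letmein", master]))
```

Two properties are worth checking when you run it: the same master gives different passwords on different domains (so one site's leak does not reuse on another), and recovering the master from a leaked weak hash still costs one KDF evaluation per candidate. The caveat venomsnake raises still applies: a widely used, fixed derivation rule lets an attacker precompute against popular masters, so the salt and work factor, not the secrecy of the scheme, are what carry the security.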