[digitalpacman]

Before salting became mainstream simple passwords were broken all the time when data was stolen

[CamperBob2]

But that was a server-side issue, like virtually all modern attacks that don't involve trojans.

When it comes to security, a lot of misguided "best practices" seem to be geared toward making users pay for the sins of the admins.