The man who wrote the book on password management regrets the error

[ykler]

This is wrong assuming, as is recommended practice, you use a hashing function like bcrypt or scrypt that is designed to be resistant against massive ASIC speedups, right?

[Bartweiss]

I wouldn't call it wrong, but I agree that it's for fast hashes without salts. Since sites still use that (and we can't check what they're using pre-leak) it's still relevant, though.