I would just add that expecting to outsmart the baddies AFTER they steal you password hash tables is wishful thinking. If they are that deep in, is way too late.