what constitutes a ‘weak’ password these days is pretty high: Unless you’re allowing Unicode passwords, anything less than about 14 characters is crackable remarkably quickly. Graphics cards, not just for making pretty pictures any more!
Also, that unsalted hashes seem to be the exception not the rule, isn’t helping the situation much.
When all said and done, the only reasonable solution is never re-use passwords ever.
