Well .... another solution would be if site admins didn't all use the same hash function! And they shouldn't be using lossy hashing functions that reduce the size of the result. We are getting to the point where the entire result space (for some ahem very old password hashing schemes) can be run in a few months(?) to generate a set of all possible passwords. I'm going to argue that yes users should not be using the same password across multiple sites, but that the complexity can be added to their password per site (and of course this appended string must be saved somewhere else besides a common file or in plain text!) to generate a hashed password database of low value to attackers. This burden should not be placed on users -- different passwords on every site absolutely, don't use a single dictionary word for a password of course, but requiring them to use a password manager is too much.