
Let's hope they are salted and iterated.


Or swapped over to Bcrypt


We've cleared the old SHA512-salted passwords out of our production database and have upgraded the password hashing to bcrypt, with a cost of 10.


Good call :)

Just in case anyone doesn't know why Bcrypt is so awesome, it's because it actually takes longer to hash (based on the difficulty level you set, and you can bump up the difficulty level as hardware gets more powerful).

For other applications, you want hashing to be fast. But for passwords, you want hashing to be as slow as possible without compromising user experience.
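An added example (not from any commenter in this thread) of the two points above: a tunable work factor that can be raised as hardware speeds up, and rehashing old salted-SHA512 records on the next successful login rather than leaving them in place. bcrypt is not in Python's standard library, so this uses hashlib.pbkdf2_hmac, whose iteration count plays the same role as bcrypt's cost; the record formats and the legacy scheme are constructed assumptions.

```python
import hashlib
import hmac
import os
import time

# Constructed record formats (assumptions, not any real system's):
#   sha512$<salt hex>$<digest hex>                      legacy single-pass salted SHA-512
#   pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>  tunable work factor
LEGACY = "sha512"
SLOW = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 100_000  # the knob to raise over time, like bcrypt's cost


def legacy_sha512(password, salt):
    """One SHA-512 pass over salt+password: fast to compute, hence fast to crack."""
    digest = hashlib.sha512(salt + password.encode()).hexdigest()
    return f"{LEGACY}${salt.hex()}${digest}"


def slow_hash(password, salt=None, iterations=DEFAULT_ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a fresh 16-byte salt; the cost is stored in the record."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SLOW}${iterations}${salt.hex()}${digest.hex()}"


def calibrate(target_seconds=0.25, start=10_000):
    """Double the iteration count until one hash takes at least target_seconds."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * 16, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


def verify_and_upgrade(password, stored):
    """Return (ok, record); on a good login, legacy or under-cost records are rehashed."""
    scheme, *fields = stored.split("$")
    if scheme == LEGACY:
        salt_hex, _ = fields
        expected = legacy_sha512(password, bytes.fromhex(salt_hex))
        ok = hmac.compare_digest(expected, stored)
        return (True, slow_hash(password)) if ok else (False, stored)
    if scheme == SLOW:
        iterations, salt_hex, _ = fields
        expected = slow_hash(password, bytes.fromhex(salt_hex), int(iterations))
        ok = hmac.compare_digest(expected, stored)
        if ok and int(iterations) < DEFAULT_ITERATIONS:
            return True, slow_hash(password)  # bump the cost as hardware gets faster
        return ok, stored
    raise ValueError(f"unknown password hash scheme: {scheme}")
```

The caller persists the returned record whenever it differs from what was stored, so the legacy hashes disappear as users log in.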


I wanted Lucas to link to Coda Hale's post on bcrypt (found by googling "Coda Hale bcrypt") in the blog post, but he edited that out. So it goes.



