SHA-256 is compromised in the future you could also require users to change password and re-hash.
Or you just hash them three times with 3 random methods out of a big algorithm pool to begin with so you don't have to re-hash and notify everybody.
Therefore, I don't register any email addreses, so I can never notify every user about a database comprimise.
Second plain hashing algorithms aren't a good idea for passwords. The problem is they are too fast.
That's why each user has a unique code bind to there account to decrypt (when logging in) what hash methods have been used.
This would make the cracking of 3 different hash methods very hard since for each new account the password is hashed with different methods in a random order.
It's not hashed with just only md5 or something.
A mining farm can attempt to brute force tens of billions of hashes per second.
Not sure what you think, but I still think nobody would want to crack this and invest tons and tons of time, energy and money in hacking a small database containing passwords that are connected to a bitcoin address and some hashed ip's that are not even connected to the accounts.
Saying triple hashed w/ three "random" (is that even possible) algorithms doesn't make any sense.
Saying something like. "Your password is never stored in plain text. A secure hash of your password is used for authentication. We can't recover any lost/forgotten passwords. For technical details click here" makes a lot more sense.
I agree with you on this. I will change this at short notice.