Bcrypt is Not the Answer (jcromartie.tumblr.com)
1 point by jcromartie on June 8, 2012 | 2 comments


I don't think this is correct. With bcrypt you can adjust the work factor to keep up with the ramifications of Moore's law.

See http://stackoverflow.com/questions/4443476/optimal-bcrypt-wo...


You have to adjust the work factor to keep up with the computing power of your potential attackers. The number and total power of computers connected to the Internet available to do work for crackers will increase faster than the power available to your web server for authentication.

And it also depends on people actually making the adjustment (and creating the infrastructure to support those changes over time). We already have big organizations failing to keep up in so many ways. Why would we expect them to continue fine-tuning their bcrypt parameters?

As I said, bcrypt is an arms race.
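
Added example, not part of the thread or of any commenter's code: a sketch of the bookkeeping that "making the adjustment" requires, reading the work factor stored inside each bcrypt hash and flagging accounts to re-hash at their next successful login. The function names, the target cost of 12 and the sample table are assumptions made for illustration.

```python
import re
from collections import Counter

# Modular crypt layout: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{53})")

def bcrypt_cost(stored):
    """Return the log2 work factor embedded in a bcrypt hash, or None if not bcrypt."""
    m = BCRYPT_RE.fullmatch(stored)
    if not m:
        return None
    cost = int(m.group(2))
    return cost if 4 <= cost <= 31 else None  # bcrypt's valid cost range

def needs_rehash(stored, target_cost):
    """True when the hash should be replaced at the next successful login."""
    cost = bcrypt_cost(stored)
    return cost is None or cost < target_cost

def audit(credentials, target_cost):
    """Summarise a credential table: cost histogram, stale users, weakest-hash gap."""
    costs = Counter()
    stale = []
    for user, stored in credentials.items():
        costs[bcrypt_cost(stored)] += 1
        if needs_rehash(stored, target_cost):
            stale.append(user)
    known = [c for c in costs if c is not None]
    # Each cost step doubles the work, so the gap to the target is a power of two.
    lowest = min(known) if known else target_cost
    gap = 2 ** (target_cost - lowest) if lowest < target_cost else 1
    return {"histogram": dict(costs), "stale": sorted(stale), "weakest_gap": gap}

# Constructed sample data: the 53-character tails are filler, not real hashes.
FILLER = "A" * 53
SAMPLE = {
    "alice": "$2b$12$" + FILLER,
    "bob": "$2a$10$" + FILLER,
    "carol": "$2y$08$" + FILLER,
    "dave": "0" * 32,  # constructed stand-in for a legacy non-bcrypt digest
}

if __name__ == "__main__":
    print(audit(SAMPLE, target_cost=12))
```

Re-hashing can only happen at login because that is the only moment the plaintext password is available, so dormant accounts keep their old cost until the user returns.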



