Secure passwords are not the end-all-be-all. You also need a secure database.
People/Businesses that get hacked are hacked because of other security weaknesses. Such as SQL injection, XSS, CSRF, session hijacking, whatever.
These weaknesses give hackers the open doorway into your database where they can download your users table and then run the cracking script on your hashes.
To secure your passwords, secure your database. Plug those holes. You're approaching the problem as if someone already has access to your database