Channel: Bountied questions - Information Security Stack Exchange

Password hashing that is resistant to ASIC-assisted cracking without risking DoS of server


Previously, authentication systems stored passwords in cleartext. This made it trivial for an attacker to log in to an account if he had access to a leaked password file.

Later, passwords were hashed once and the hashed value stored. If the attacker had a leaked password file he could try hashing guesses and, if a hash value matched, use that guess to log in.

Then passwords were salted and hashed thousands of times on the server, and the salt and the resulting hash value were stored. If the attacker had a leaked password file he could use specialized ASICs to hash guesses and, if a guess matched, use that password to log in.

Can we do better than that?

Can we make password cracking so difficult that even if he has the hashed password, he will not get a major advantage (factor of 10) over testing the passwords against the server - even if he has specialized ASICs? And can we avoid this opening a way of DoS'ing the server with many parallel login requests?

We can assume the attacker has access to the hashed password, but that he cannot intercept communication between the server and a client.
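One way to get both properties the question asks for is to split the work: the client runs a memory-hard password hash (which ASICs and GPUs gain little on because the cost is dominated by memory, not arithmetic), and the server only applies one cheap hash to the client's result before comparing. A leaked record then still forces a cracker through the memory-hard step for every guess, while a flood of login requests costs the server one SHA-256 each. The code below is an added illustration written for this page, not code from the question or from any answer; it uses `hashlib.scrypt` from the Python standard library as the memory-hard function, derives the client-side salt from the username (a hypothetical choice that avoids a round trip), and assumes, as the question does, that the client/server channel itself is protected. The `scrypt_calls` counter and the `offline_guess_cost` function exist only to make the cost split visible.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Memory-hard parameters for the client-side step (hashlib.scrypt, stdlib).
# Working memory per evaluation is 128 * r * n bytes = 16 MiB here; raise n
# for production use, within what the weakest supported client can afford.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1

# Demonstration-only counter: shows where the expensive work happens.
_scrypt_calls = 0


def scrypt_call_count() -> int:
    """Number of memory-hard evaluations performed so far (demo instrumentation)."""
    return _scrypt_calls


@dataclass
class StoredRecord:
    server_salt: bytes   # random, kept in the account database
    digest: bytes        # sha256(prehash || server_salt)


def client_salt(username: str) -> bytes:
    """Per-user salt the client can derive without asking the server.
    Hypothetical choice: hash of a domain separator and the lowercased username."""
    return hashlib.sha256(b"example-login-v1|" + username.lower().encode()).digest()


def client_prehash(username: str, password: str) -> bytes:
    """Expensive, memory-hard step run on the client. A cracker holding a
    leaked record must repeat this for every guess."""
    global _scrypt_calls
    _scrypt_calls += 1
    return hashlib.scrypt(password.encode(), salt=client_salt(username),
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def server_finish(prehash: bytes, server_salt: bytes) -> bytes:
    """Cheap step run on the server. Hashing the prehash again means a leaked
    record cannot simply be replayed as the credential."""
    return hashlib.sha256(prehash + server_salt).digest()


def register(username: str, password: str) -> StoredRecord:
    prehash = client_prehash(username, password)   # client side
    server_salt = os.urandom(16)                    # server side
    return StoredRecord(server_salt, server_finish(prehash, server_salt))


def server_verify(record: StoredRecord, prehash: bytes) -> bool:
    """Per-login cost on the server: one SHA-256 plus a constant-time compare,
    so parallel login attempts cannot exhaust server CPU or memory."""
    expected = server_finish(prehash, record.server_salt)
    return hmac.compare_digest(expected, record.digest)


def login(record: StoredRecord, username: str, password: str) -> bool:
    """Full exchange: the client pays the memory-hard cost, the server does not."""
    return server_verify(record, client_prehash(username, password))


def offline_guess_cost(record: StoredRecord, username: str, guesses: list) -> int:
    """Cost model for someone holding only the leaked record: each candidate
    needs a full scrypt evaluation. Returns the scrypt calls spent before a
    match (or after exhausting the list)."""
    before = _scrypt_calls
    for guess in guesses:
        if server_verify(record, client_prehash(username, guess)):
            break
    return _scrypt_calls - before


if __name__ == "__main__":
    rec = register("alice", "correct horse battery staple")
    print("login ok:", login(rec, "alice", "correct horse battery staple"))
    print("server-side scrypt calls per verify: 0 (see server_verify)")
    print("scrypt calls for 3 offline guesses:",
          offline_guess_cost(rec, "alice", ["123456", "password", "correct horse battery staple"]))
```

Two caveats matter in practice. The prehash becomes the effective credential on the wire, which is why the channel must be protected and why the server must hash it again rather than store it directly. And the scheme only shifts work if the client can actually run the memory-hard function with useful parameters; a client that cannot (and falls back to sending the raw password for server-side hashing) reintroduces the DoS exposure, so rate limiting per account and per source stays necessary. An augmented PAKE such as OPAQUE is the more thorough answer to the same pair of goals, since the server then never learns the password at all.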
