
> Because password hashing makes it impossible to retrieve the original password, there is no way to guard against people just using a base password and appending some type of counter to it.

> Thus if there really is a breach where the plaintext password is recovered by an attacker it is trivial to find out what this year's version is.

These are contradictory statements.


