Please pass the self-salt...
What if the input script accepted the new password (PW$), and then created a salted repeated-password string like this:
SaltedPW$ = Salt0$ + PW$ + Salt1$ + PW$ + Salt2$ + PW$ + Salt3$ + PW$ + Salt4$
Then send that away for hashing and storage.
The human user only needs to remember their wee little PW$.
Signing In uses the same concatenation technique, before the hash comparison.
But the Crackers with the stolen hash file need to de-hash these SaltedPW$ monsters. Yeah, good luck.
I hope that this helps.
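The construction from the post, written out as an added example (not the poster's code), next to a per-user random salt with PBKDF2 for comparison. It assumes Salt0$ to Salt4$ are fixed strings kept in the script and that the hashing step is a single SHA-256; the salt values, user names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumption: Salt0$..Salt4$ are fixed strings stored in the sign-up script.
# These values are constructed; the post does not give any.
FIXED_SALTS = ["s0-Kq", "s1-Zp", "s2-Lm", "s3-Xw", "s4-Rt"]


def salted_pw(pw: str) -> str:
    """SaltedPW$ = Salt0$ + PW$ + Salt1$ + PW$ + Salt2$ + PW$ + Salt3$ + PW$ + Salt4$"""
    return pw.join(FIXED_SALTS)


def post_scheme_hash(pw: str) -> str:
    # Assumption: "send that away for hashing" means one SHA-256 call.
    return hashlib.sha256(salted_pw(pw).encode()).hexdigest()


def shared_hashes(user_pws: dict[str, str]) -> dict[str, list[str]]:
    """Group users whose stored hash is identical under the post's scheme."""
    groups: dict[str, list[str]] = {}
    for user, pw in user_pws.items():
        groups.setdefault(post_scheme_hash(pw), []).append(user)
    return {h: names for h, names in groups.items() if len(names) > 1}


def per_user_record(pw: str, iterations: int = 200_000) -> tuple[bytes, bytes]:
    """Comparison: random salt per account plus a deliberately slow KDF."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def per_user_verify(pw: str, salt: bytes, stored: bytes,
                    iterations: int = 200_000) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


if __name__ == "__main__":
    users = {"alice": "hunter2", "bob": "hunter2", "carol": "tr0ub4dor"}  # constructed
    print("identical stored hashes:", list(shared_hashes(users).values()))
    salt_a, rec_a = per_user_record(users["alice"])
    salt_b, rec_b = per_user_record(users["bob"])
    print("per-user records differ:", rec_a != rec_b)
    print("alice signs in:", per_user_verify("hunter2", salt_a, rec_a))
```

Under the fixed-salt assumption, two accounts with the same password store the same hash, and checking one candidate password still costs one hash computation. With a random salt per account and an iterated KDF, each record is distinct and each check is deliberately expensive.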