
Because your password is part of your identity and is actually used to cross check during identity matching.


Leaving aside the fact that changing my password doesn't mean I have a new identity, having the hash $2y$10$/Aglzm2zpHO7m1dIv5vSp.GHPUd1D8uODn/jtBv3gpe8yS5e/D9PW doesn't tell you my password is "tinkerbell".


In these kinds of checks nobody cares what your password is. Only if it is the same as you are using somewhere else.

So hash, unless properly salted, works very fine.

Many people actually use a single password everywhere. Or at least for similar things.


If your password is "tinkerbell", even an attacker with very few resources can probably crack the hash for it in seconds on their desktop PC.

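Added example (my own code, not from any commenter) illustrating the two claims above: an unsalted fast hash lets a reuse check compare stored hashes directly and lets a short wordlist recover a weak password, while a per-record salt means reuse can only be checked when the plaintext is available (at login time). SHA-256 and PBKDF2 stand in for the bcrypt hash quoted in the thread; the 100,000 iteration count and the wordlist are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; real deployments tune this


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: identical on every site storing the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA256 with a per-record salt, stored as 'salt$dk'."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + dk.hex()


def salted_hash_fresh(password: str) -> str:
    """Store a password the way a site should: new random salt per record."""
    return salted_hash(password, os.urandom(16))


def salted_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt; constant-time compare of the digest."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(dk.hex(), dk_hex)


def reuse_by_hash_comparison(stored_a: str, stored_b: str) -> bool:
    """All a matching service can do with two stored hashes and no plaintext."""
    return stored_a == stored_b


def reuse_at_login(typed_password: str, other_site_stored: str) -> bool:
    """What it can do when the user types the password (plaintext in hand)."""
    return salted_verify(typed_password, other_site_stored)


def dictionary_check(stored_unsalted: str, wordlist):
    """Return the wordlist entry whose unsalted hash matches, else None."""
    for word in wordlist:
        if unsalted_hash(word) == stored_unsalted:
            return word
    return None
```

With a salted KDF the two stored values for "tinkerbell" differ even though the password is the same, so hash-only comparison reports no reuse; the login-time check still does.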

My password is not "tinkerbell". It serves as an example.

My real passwords look a lot more like the hash.


Is your real password hunter2?



