Are you updating older password hashes to bcrypt on login? That's the perfect opportunity since you have the users password prior to hashing and comparing.