Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.

Regression in aeb13894.
Reverted changes to is_password_usable() from
703c2666 and documentation changes from
92f48680.