Hmm, that's not a bad idea, though I'm not sure the idea of an extra query, or extra table join (and either way, an extra lock) on every page load is entirely desirable.
In any case, I don't think automatically jumping for the biggest and just pushing it into an extra table is worth the apparent extra benefit, there's no real practical need to go beyond SHA-256 anyway.
Yeah, definitely shouldn't hit the password every page view. Instead, you should have a login hash (cookie, session id, whatever.) The nice thing about this method is it allows the user to inspect other people who are using their account (see: Gmail does this.) It's very beneficial, but it means that the login hashes (or sessions, whatever) must needs be in a separate table.
Such a feature is especially important for certain types of software, less important for forums specifically. If talking about generic login management, this is important IMHO.
-[Unknown]
