Consider that leaking their past passwords only matters if they reuse them elsewhere.
If they reuse passwords, then chances are you will expose them just as much if you don't force them to rotate passwords, when they end up putting their password into a scam site or one run by people who store plain text.
And if you don't check for reuse, you are not forcing them to rotate passwords.
In the face of that, you can't do much better than to make it harder for them to keep reusing passwords on your site so at least a password leak elsewhere won't expose their account with you.
(And re-using the salt is a mistake; don't do that)
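An added example, not part of the comment above: a password-history check in which every remembered hash has its own random salt, so a candidate has to be re-hashed once per entry. The class name, history depth and scrypt cost parameters are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
from collections import deque

HISTORY_DEPTH = 5  # assumed policy: remember the last 5 passwords
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash of the password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)


class PasswordHistory:
    """Hypothetical per-account store of (salt, hash) pairs, newest last."""

    def __init__(self) -> None:
        # deque(maxlen=...) silently drops the oldest entry when full.
        self.entries = deque(maxlen=HISTORY_DEPTH)

    def is_reused(self, candidate: str) -> bool:
        # Each entry has its own salt, so stored hashes cannot be compared
        # with each other; the candidate is re-hashed under every salt.
        reused = False
        for salt, stored in self.entries:
            if hmac.compare_digest(_hash(candidate, salt), stored):
                reused = True  # keep looping so timing does not show which entry hit
        return reused

    def set_password(self, new_password: str) -> bool:
        """Store the new password unless it matches a remembered one."""
        if self.is_reused(new_password):
            return False
        salt = os.urandom(16)  # fresh salt for every stored hash, never reused
        self.entries.append((salt, _hash(new_password, salt)))
        return True
```
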