Security is a combination of a few things (there is much more than this list, but rather than turning this post into a book, I'll keep it at these for now):
- Encryption - complexity; making it difficult to know what the original content is
- Obfuscation - unclear/protected; making it difficult for other scripts/users to know or guess how your security scheme works.
- Intrusion Prevention/Response - determining when a security breach (or attempted breach) has occurred, and responding to the incident
Encryption will be things like hashing, salts, SSL, keys, etc. Obfuscation will be things like steganography, using rotating salts, separating the passwords off into another server that no script can access, etc. Intrusion Prevention/Response will be things like rate limiting, delays, shutting down servers once the breach is made known, etc.
Now looking at your question: What brute-force protection schemes can be implemented that aren't vulnerable due to increasing computation power?
My answer: none. Unless someone builds a quantum computer or a mathematician writes an expansion to group theory in a way that would blow all of our minds out of our heads, then any and all "brute-force protection schemes" will be vulnerable to increasing computational power (especially distributed processing, such as cloud servers or bot-nets).
It seems like your fear is the case of Blizzard, where the database had been accessed, and the hashed passwords were seen by the hackers. If someone has the hash, and knows your salts/hashing procedure, then it's only a matter of time before they can get the password. At this point, we are talking only about encryption, because everything else is known and/or moot.
It's a matter of math: the longer and more complicated the password, that's increasing orders of magnitude, and the problem becomes an exponential with each added character. But if you exponentially increase the computational power of the brute-force algorithm, you're back to square one.
If a hacker gets a hold of the hashes that are stored in your database, then immediately lock the database, figure out how they got in, fix that security hole, and add a step to your authentication procedure, update the database with the new authentication procedure and turn everything back on.
In other words, make sure your authentication server/database is secure on every level so that hackers can't get access to it.
If you just want to "buy more time", then add complexity. But keep in mind that this doesn't make your database more secure. It would be better to analyze how to lock the database down to prevent someone from getting the hashes in the first place.