`Argon2`: is the winner of the 2015 Password Hashing Competition. There are three different versions of the algorithm: - `Argon2i`: is optimized for resistance to side-channel attacks. - `Argon2d`: is optimized for resistance to GPU cracking attacks. - `Argon2id`: is a hybrid of the previous two that offers a balance of security and performance. Although it is slower than the other two, it is the recommended one. Modern hashing algorithms such as Argon2id, bcrypt, and PBKDF2 automatically salt the passwords, so no additional steps are required when using them. The following configuration settings represent a base minimum for Argon2: - Option 1: m=47104 (46 MiB), t=1, p=1 - Option 2: m=19456 (19 MiB), t=2, p=1 (m) minimum memory size, (t) minimum number of iterations, and (p) the degree of parallelism `bcrypt` is a solid and time-tested option that should be considered when the other algorithms are unavailable. It’s less memory-hard than scrypt or Argon2 but still secure when properly configured. The `bcrypt` work factor should be as large as verification server performance will allow, with a minimum of 10. Use `passlib` in Python to make use of these libraries.