==== Use specific password hashing algorithms

In general, rely on an algorithm with no known weaknesses, and rule out the
others, such as MD5 or SHA-1.

While considered strong for some use cases, some algorithms, like SHA-family
functions, are too fast to compute and therefore susceptible to brute force
attacks, especially with attack-dedicated hardware. +
Modern, slow, password-hashing algorithms such as *bcrypt*, *PBKDF2* or *argon2*
are recommended.