“Website Passwords Hacked” headlines can be less scary

<p><pre><code> The two most common methods, md5 and sha-1 are both susceptible to collisions, or birthday attacks. As of writing this, I would recommend using SHA-3-256 which has no known attacks. </code></pre> Don&#x27;t do that. Hashing algorithms without salt and iteration counts is a bad idea. Thankfully, languages and frameworks are starting to take this responsibility away from the programmer (or at least they&#x27;re making it easier) – consider using has_secure_password in Rails, password_hash in PHP 5.5, etc. Don&#x27;t use standard hashing algorithms.

You totally forget about hash salting - this way a hacker can&#x27;t use rainbow tables or precomputed hashes for common passwords.