How to Process Passwords as a Software Developer

4 points by da02, over 5 years ago

2 comments

flmontpetit, over 5 years ago
> Argon2 is a key derivation function, the winner of the password hashing competition and should be used for new projects. In case it isn't available, use Scrypt. Any other KDF is nonoptimal.

Probably not worth going for the marginally-better-but-new-and-fancy KDF if you don't have a reliable implementation available for your language.

Pretty much agree with everything else otherwise

woliveirajr, over 5 years ago
> Enforce multi-factor authentication instead

But in a way that your user won't lose everything if his usb-gadget fails.

Also not in a way that it gets stronger than password and can be used alone to recover a password (sms, for example)

Also not in a way that is written down in a paper and typed later.

Also not in a way that prevents your user from using your software.