As of May 2023, OWASP recommends the following KDFs for password hashing, listed in order of priority:
- Argon2id
- scrypt if Argon2id is unavailable
- bcrypt for legacy systems
- PBKDF2 if FIPS-140 compliance is required
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html