Prefer Argon2id where possible. Per RFC9016, section 4 IETF recommends selecting Argon2id unless you can guarantee an adversary has no direct access to the computing environment. Likelihood: HIGH Confidence: MEDIUM CWE: - CWE-916: Use of Password Hash With Insufficient Computational Effort
OWASP: - A02:2021 - Cryptographic Failures