Choose Argon2 parameters for secure password hashing and login
Blog post from Ory
Ory builds open-source access control and user management software, and this guide lays out security best practices for using the Argon2 password hashing algorithm. Argon2 is the OWASP-recommended choice; it protects passwords by storing only a salted cryptographic hash instead of the password itself, so that an attacker who gains access to the stored data still cannot readily recover the original credentials. The guide walks through Argon2's key parameters, namely memory, iterations, parallelism, salt length and key length, and explains how to calibrate them to balance security against login performance. It suggests starting with a high memory setting and then adjusting the iteration count until a single hash takes the target execution time, ideally around 0.5 to 1 second for frontend applications. To make calibration easier, Ory ships a CLI tool in its user management system, Ory Kratos, that automates the process based on the available resources and constraints. The tool is available as a prebuilt binary or a Docker image, so developers can determine the best values for their specific setup efficiently.
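The calibration procedure described above (fix a high memory budget, then raise iterations until one hash lands in the 0.5 to 1 second window, lowering memory only if a single iteration already overshoots), written out as an added example that is not Ory's or Kratos's own code. It assumes the argon2-cffi package for the real timing; the calibration logic itself accepts any timing function, so it can also be driven by a constructed cost model.

```python
# Argon2id calibration: fix memory first, then raise iterations until a hash
# lands in the target time window (added example, not Ory or Kratos code).
import os
import time
from typing import Callable, Optional

# (memory_kib, iterations, parallelism) -> seconds taken by one hash
Measure = Callable[[int, int, int], float]

def measure_argon2id(memory_kib: int, iterations: int, parallelism: int) -> float:
    """Time one Argon2id hash; assumes the argon2-cffi package is installed."""
    from argon2.low_level import Type, hash_secret_raw  # lazy: module loads without it
    secret = b"correct horse battery staple"  # constructed sample password
    salt = os.urandom(16)                      # 16-byte salt; 32-byte key below
    start = time.perf_counter()
    hash_secret_raw(secret, salt, time_cost=iterations, memory_cost=memory_kib,
                    parallelism=parallelism, hash_len=32, type=Type.ID)
    return time.perf_counter() - start

def calibrate_iterations(measure: Measure, memory_kib: int, parallelism: int,
                         target_min: float = 0.5, target_max: float = 1.0,
                         max_iterations: int = 64) -> tuple:
    """Raise iterations from 1 until one hash takes at least target_min seconds.
    Returns ("ok", t, s); ("lower-memory", t, s) if the first slow-enough setting
    already exceeds target_max; ("raise-memory", t, s) if max_iterations is too fast."""
    elapsed = 0.0
    for t in range(1, max_iterations + 1):
        elapsed = measure(memory_kib, t, parallelism)
        if elapsed >= target_min:
            return ("lower-memory" if elapsed > target_max else "ok", t, elapsed)
    return ("raise-memory", max_iterations, elapsed)

def calibrate(measure: Measure, parallelism: int,
              memory_candidates_kib=(1 << 20, 1 << 19, 1 << 18, 1 << 17, 1 << 16)
              ) -> Optional[dict]:
    """Walk memory budgets from 1 GiB down to 64 MiB and keep the first whose iteration
    count fits the window: memory is only reduced when one iteration is already too slow."""
    for memory_kib in memory_candidates_kib:
        status, iterations, seconds = calibrate_iterations(measure, memory_kib, parallelism)
        if status == "ok":
            return {"memory_kib": memory_kib, "iterations": iterations,
                    "parallelism": parallelism, "salt_length": 16, "key_length": 32,
                    "seconds": round(seconds, 3)}
        if status == "raise-memory":
            break  # the largest budget is already too fast; smaller ones cannot help
    return None

if __name__ == "__main__":
    print(calibrate(measure_argon2id, parallelism=os.cpu_count() or 1))
```

Measured times are specific to the host, so the calibration must be run on hardware equivalent to the servers that will actually verify logins.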