Should an Argon2 hash be kept confidential?


And it makes sense to use hashing algorithms that are designed to be slow, e.g. Argon2 or Lyra2.
They have tunable parameters.
Use values such that a single hash takes 0.1 to 1 s.
Thus you can essentially slow brute-forcing down and reduce the risks even more.

Argon2, on the other hand, is designed to be extremely slow.
That means I could only generate, say, 100 hashes per second, which makes offline brute-forcing extremely expensive.
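
An added example (not part of the original posts) of the tuning described above: it doubles a cost parameter until one hash takes at least the target time, then estimates what that rate means for an offline brute-force search. Argon2 is not in Python's standard library, so `hashlib.scrypt` stands in as the memory-hard function; the function names, the doubling strategy and the sample entropy figures are assumptions.

```python
import hashlib
import time

def calibrate(hash_at_cost, target_s=0.1, start=2**10, max_cost=2**18,
              clock=time.perf_counter):
    """Double the cost until one hash takes >= target_s (or max_cost is hit).

    Returns (cost, seconds_per_hash) as measured on this machine."""
    cost = start
    while True:
        t0 = clock()
        hash_at_cost(cost)
        elapsed = clock() - t0
        if elapsed >= target_s or cost * 2 > max_cost:
            return cost, elapsed
        cost *= 2

def scrypt_at(n):
    # Stand-in: scrypt's N plays the role of Argon2's memory/time cost.
    # Password and salt are constructed sample values.
    return hashlib.scrypt(b"constructed-password", salt=b"constructed-salt",
                          n=n, r=8, p=1, dklen=32,
                          maxmem=256 * n * 8 + (1 << 20))

def expected_crack_seconds(entropy_bits, seconds_per_hash, parallel_guessers=1):
    """Average offline search: half the keyspace, one slow hash per guess."""
    return 2 ** (entropy_bits - 1) * seconds_per_hash / parallel_guessers

if __name__ == "__main__":
    cost, secs = calibrate(scrypt_at, target_s=0.1)
    print(f"chosen cost N={cost}: {secs:.3f} s/hash, {1 / secs:.0f} hashes/s")
    for bits in (20, 30, 40):  # constructed password-strength figures
        days = expected_crack_seconds(bits, secs) / 86400
        print(f"{bits}-bit password: ~{days:,.1f} days on one such machine")
```

The per-hash time is measured on the defender's machine; an attacker's hardware may be faster, which `parallel_guessers` models only roughly.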