And it makes sense to use hashing algorithms that are designed to be slow, e.g. Argon2 or Lyra2.
They have tunable parameters.
Use values such that a single hash takes 0.1 to 1 s.
Thus you can essentially slow brute-forcing down and reduce the risks even more.
Argon2, on the other hand, is designed to be extremely slow.
That means I could only generate, say, 100 hashes per second, which makes offline brute-forcing extremely expensive.
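One way to pick those tunable values is to measure on the production hardware and raise the cost until a single hash lands in the target window. The sketch below is an added example, not code from the original text; it uses `hashlib.scrypt` from the Python standard library as a stand-in for Argon2 so it runs without third-party packages, and the function names (`slow_hash`, `calibrate`, `seconds_to_exhaust`) are hypothetical.

```python
import hashlib
import os
import time

MAX_N = 1 << 17  # cap the cost so calibration never needs more than ~128 MiB


def slow_hash(password: bytes, salt: bytes, n: int) -> bytes:
    """Memory-hard hash with cost n (scrypt here, standing in for Argon2)."""
    r, p = 8, 1
    # scrypt needs roughly 128 * n * r bytes; allow headroom above that.
    maxmem = 256 * n * r + (1 << 20)
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=maxmem, dklen=32)


def calibrate(target_seconds: float, max_n: int = MAX_N):
    """Double the cost until one hash takes at least target_seconds.

    Returns (n, measured_seconds) for the first cost that meets the target,
    or for max_n if the cap is reached first.
    """
    salt = os.urandom(16)
    n = 1 << 10
    while True:
        start = time.perf_counter()
        slow_hash(b"calibration-password", salt, n)
        elapsed = time.perf_counter() - start
        if elapsed >= target_seconds or n >= max_n:
            return n, elapsed
        n *= 2


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case offline brute-force time for one attacker worker."""
    return keyspace / hashes_per_second


if __name__ == "__main__":
    n, measured = calibrate(0.1)  # lower bound of the 0.1 to 1 s window
    rate = 1.0 / measured
    print(f"cost n={n}: {measured:.3f} s per hash, about {rate:.1f} hashes/s")
    # Constructed sample keyspace: 8 lowercase letters.
    days = seconds_to_exhaust(26 ** 8, rate) / 86400
    print(f"exhausting 26^8 candidates at that rate: about {days:,.0f} days")
```

Re-run the calibration whenever the hardware changes, and store the chosen cost next to each hash so it can be raised later without invalidating existing records.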