What solution can be used to make password hashes more resistant to cracking without changing user habits?

Using key stretching techniques is an effective solution to make password hashes more resistant to cracking, particularly without requiring users to change their habits. Key stretching involves taking a weak password and applying computationally intensive algorithms to increase the time it takes to generate and crack the hashed version of that password. This process makes it significantly harder for attackers to use brute force or dictionary attacks because they must invest more time and resources to guess each password.

In practical terms, common key stretching algorithms include bcrypt, scrypt, and Argon2, which are specifically designed to slow down the hashing process and require more computational power. As a result, even if attackers obtain the hashed passwords, the increased hashing time means they cannot efficiently attempt to crack a large number of passwords.

While other options, such as implementing password expiration or increasing password complexity, can improve security, they do not directly enhance the resistance of password hashes themselves. Similarly, using a password manager helps users generate and store complex passwords but does not intrinsically make existing passwords more secure against cracking. Key stretching targets the fundamental issue of hashing strength, making it the most effective approach in this context.