PASSWORD_BCRYPT is used to create new password
hashes using the CRYPT_BLOWFISH algorithm.
This will always result in a hash using the "$2y$" crypt format,
which is always 60 characters wide.
Supported Options:
salt - to manually provide a salt to use when hashing the password.
Note that this will override and prevent a salt from being automatically generated.
If omitted, a random salt will be generated by password_hash() for
each password hashed. This is the intended mode of operation.
cost - which denotes the algorithmic cost that should be used.
Examples of these values can be found on the crypt() page.
If ommitted, a default value of 10 will be used. This is a good
baseline cost, but you may want to consider increasing it depending on your hardware.
The default algorithm to use for hashing if no algorithm is provided.
This may change in newer PHP releases when newer, stronger hashing
algorithms are supported.
It is worth noting that over time this constant can (and likely will)
change. Therefore you should be aware that the length of the resulting
hash can change. Therefore, if you use PASSWORD_DEFAULT
you should store the resulting hash in a way that can store more than 60
characters (255 is the recomended width).