specify hashing algorithm constant in an app setting
consider using PASSWORD_DEFAULT by default instead of PASSWORD_BCRYPT so that if in the future when PHP updates PASSWORD_DEFAULT from BCRYPT to a more secure algorithm, you can automatically take advantage of that (future-proof)
need to change password_bcrypt_cost setting if doing this