Support multiple password hashing strategies
The security framework should support multiple password hashing strategies. An identifier could be used to differentiate between different implementations. The hashed passwords should be self-descriptive, such that they contain an identifier for the password hashing strategy to use for validating the hashed password.
This allows an easy transition from PBKDF2 to BCrypt or other hashing strategies in the future. It also allows for the usage of different security levels in one application .