D5 · Crypto

What is a Key Derivation Function (KDF)?

A KDF derives one or more cryptographic keys from a secret value such as a password. Password-based KDFs (PBKDF2, bcrypt, scrypt, Argon2) add computational cost to slow brute-force attacks.
Regular hash functions such as SHA-256 are too fast for password storage; bcrypt and Argon2 are intentionally slow. Argon2 won the Password Hashing Competition and is the current best practice. The iteration count should be tuned so that each hash takes ~100ms.