For my projects I use a combination of 2 salts (1 Static, 1 Dynamic). When a user registers to my website the backend will generate a random salt key for each user. Even if 2 different users register to my website with the same password, the resulting hash will be different.

So if the database was ever hacked or stolen, they would be missing the static salt key, thus it would prove to be impossible for them to bruteforce any of the passwords.

However I'll touch wood, just incase.