I'm a fairly new developer and I want to ensure that I'm making the right decisions with regards to security. According to my research, it appears I should use a salted bcrypt hashing algorithm for my passwords. According to PHP 7's documentation, the password_hash functionality does exactly this. I don't even have to figure out a way to make my own salt as salting is included in password_hash. This seems like a simple correct answer to password hashing for PHP 7. However, simple correct answers are often wrong. What are the pitfalls of PHP's default password hashing library?
Most answers about PHP password hashing conclude that I should use password_hash/password_verify. However, my question is closer to 'how should I use them?' or 'what should I be aware of when using them?'