TBH I still wait for Argon2 to become a little older. While bcrypt has its downsides it is older, much older, and in crypto world it is good thing. Bcrypt right now is still the safest choice IMHO.
The people replying here are right, don’t use MD5. However, is this for an existing database? In that case, users should be required to change their password when signing in, where you then use a better hashing algorithm.
As for argon2 vs bcrypt (will be somewhat off topic discussion):
NIST and RFC recommends PBKDF2-HMAC-SHA256 or PBKDF2-HMAC-SHA512, and this is required for FIPS certification (I chose it as the default for Pow). Argon2 and bcrypt are better, but it’ll probably be a while before either of them will be recommended by NIST or RFC. It also seems that NIST believes storing the password hash is ultimately a doomed model no matter the hashing algorithm, but all this isn’t really that relevant for almost all apps we’re building
Here in 2019, Argon2 would be my first choice going forward (best is to have Argon2id). Bcrypt has a lot more battle experience, but is not memory hardened. If you want to follow official guidelines, or require certification then you should go with PBKDF2, but GPU/ASIC/FPGA makes cracking these hashes trivial (still this threat model is much, much better to have than MD5).