
Also argon doesn't care about input length, compared to bcrypt, which only ever compares the first 72 bytes of a hash. Okta actually fell victim to this because they concatenated userid + username + password. If userid + password were over 72 bytes, then the password would never be checked, thus you could log in with userid + username.

https://trust.okta.com/security-advisories/okta-ad-ldap-dele...
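
The truncation described in the comment above, as an added example that is not part of the original post and is not Okta's code. `truncating_hash` is a standard-library stand-in that models only bcrypt's 72-byte input limit (it runs PBKDF2 inside, not real bcrypt), and the account values, salt and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX = 72  # bcrypt uses only the first 72 bytes of its input
SALT = b"constructed-salt"  # constructed value; a real salt is random per entry


def truncating_hash(data: bytes) -> bytes:
    """Stand-in for bcrypt (assumption): models only the 72-byte input limit."""
    return hashlib.pbkdf2_hmac("sha256", data[:BCRYPT_MAX], SALT, 1000)


def naive_key(userid: str, username: str, password: str) -> bytes:
    """Concatenate the fields, then hash: the pattern the comment describes."""
    return truncating_hash((userid + username + password).encode())


def prehashed_key(userid: str, username: str, password: str) -> bytes:
    """Length-prefix each field, SHA-256 the result, base64 it (44 bytes, no NULs)."""
    h = hashlib.sha256()
    for field in (userid, username, password):
        raw = field.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return truncating_hash(base64.b64encode(h.digest()))


def accepts(key_fn, stored: bytes, userid: str, username: str, password: str) -> bool:
    """Constant-time comparison of a login attempt against the stored key."""
    return hmac.compare_digest(stored, key_fn(userid, username, password))


# Constructed account: userid (20 bytes) + username (52 bytes) = 72 bytes.
USERID = "00u" + "a" * 17
LONG_NAME = "svc-" + "x" * 38 + "@corp.test"
SHORT_NAME = "bob@corp.test"
PASSWORD = "correct horse battery staple"

if __name__ == "__main__":
    for name in (LONG_NAME, SHORT_NAME):
        for fn in (naive_key, prehashed_key):
            stored = fn(USERID, name, PASSWORD)
            ok = accepts(fn, stored, USERID, name, "wrong-password")
            print(f"{fn.__name__:14} username={len(name):2}B wrong password accepted: {ok}")
```

Only the naive key with the long username accepts the wrong password, because the password bytes fall entirely past byte 72; pre-hashing keeps every field inside the limit, and rejecting over-length input outright is the other common mitigation.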


