Salt.
A unique random value mixed with a password before hashing so that identical passwords produce different hashes, defeating precomputed lookup attacks like rainbow tables.
Salting is not hashing — salting is what you do before hashing. A salted unhashed password is still plaintext; a hashed unsalted password is still vulnerable to rainbow tables. Both steps are required.
The salt does not need to be secret. It is per-user random data stored in the database alongside the hash; the security property comes from uniqueness, not secrecy. The recurring mistake is using a static salt across all users (defeats the point) or reusing one user's salt across hash rotations (defeats the per-user uniqueness). 16 bytes from a CSPRNG is the standard length; Argon2, bcrypt, and scrypt generate and embed salts automatically when you use the library defaults.
Common questions
Is salting the same as hashing?
Does the salt need to be secret?
What is a good salt length?
What is the difference between salt and pepper?