Usually people use salt to protect against rainbow tables.
Iterating a hash function (e.g . PBKDF2) is most just a way to make hashing take longer. Since attackers have to make very many gueses (while legit users only have to hash the password once), increasing each guess by a few seconds can really slow things down.
However in modern apps they usually try to use more complex constructions like argon2 to make it so you cant use GPUs to do lots of guesses at once.
Iterating a hash function (e.g . PBKDF2) is most just a way to make hashing take longer. Since attackers have to make very many gueses (while legit users only have to hash the password once), increasing each guess by a few seconds can really slow things down.
However in modern apps they usually try to use more complex constructions like argon2 to make it so you cant use GPUs to do lots of guesses at once.