Increase bcrypt cost parameter


    • Type: Task
    • Resolution: Fixed
    • Priority: Normal
    • 2018-11-01
    • Affects Version/s: None
    • Component/s: Accounts
    • None
    • House

      User passwords are stored encrypted via bcrypt (Blowfish). The cost parameter is still 10, as it was when introduced in 2013. Since computing power is ever increasing, we should use a higher cost parameter of at least 12 (four times the work); see an answer on Security.SE for more background.

      This will only affect new passwords (new account or changed password).

            Assignee:
            yvanzo
            Reporter:
            Ulrich Klauer
            Votes:
            0
            Watchers:
            1


                Version Package
                2018-11-01
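
The following is an added example, not code from this ticket or from the project. It reads the cost out of bcrypt hash strings to show why going from 10 to 12 is four times the work and how to find hashes still stored at the old cost. The function names and sample hashes are constructed for illustration, and using the check to re-hash at login is an assumption, not something the ticket describes.

```python
import re
from collections import Counter

# Modular crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(r"\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}")

TARGET_COST = 12  # value proposed in the ticket; the previous value is 10


def bcrypt_cost(stored):
    """Return the cost (log2 of the key-setup rounds) encoded in a bcrypt hash."""
    m = _BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    cost = int(m.group(1))
    if not 4 <= cost <= 31:  # range bcrypt accepts
        raise ValueError("bcrypt cost out of range: %d" % cost)
    return cost


def relative_work(old_cost, new_cost):
    """The cost is an exponent, so each +1 doubles the work per hash."""
    return 2.0 ** (new_cost - old_cost)


def needs_rehash(stored, target=TARGET_COST):
    """True if the hash was created with a lower cost than the target.

    Changing the configured cost leaves stored hashes untouched; one possible
    use of this check (an assumption here) is after a successful login, when
    the plaintext is available to hash again at the new cost.
    """
    return bcrypt_cost(stored) < target


def cost_histogram(hashes):
    """Count stored hashes per cost, to see how many remain at the old cost."""
    return Counter(bcrypt_cost(h) for h in hashes)


# Constructed samples: correct shape, not digests of any real password.
SAMPLE = [
    "$2a$10$" + "A" * 22 + "B" * 31,
    "$2b$10$" + "C" * 22 + "D" * 31,
    "$2b$12$" + "E" * 22 + "F" * 31,
]

if __name__ == "__main__":
    print(relative_work(10, 12), dict(cost_histogram(SAMPLE)))
    print([needs_rehash(h) for h in SAMPLE])
```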