Passwords will be hashed with the Argon2 library.
https://docs.djangoproject.com/en/1.10/topics/auth/passwords/#using-argon2-with-django

Also, new passwords will go through 'common-passwords-checks'. This will prevent
access to accounts using one of those common brute force password hackers around,
in case of a breach.