Channel: Issues for Drupal core

Increase password hashing iterations for Drupal 9


Problem/Motivation

There is an @todo note in core.services.yml to increase the number of iterations used when hashing passwords for every Drupal core release.

We last increased this value almost a decade ago in #1203852: Increase hashing iterations for D7 and D8. It was noted at the time that we should do this "every version", assuming we are on 18-24 month release cycles, but really this is all about execution time, and single-core CPU clocks have still not really increased since then.

Proposed resolution

Either increase the password iterations log2 value from 16 (to 17 or 18), or remove the todo.

Remaining tasks

Benchmark how long a password hash takes on a modern CPU to decide whether we should change this or not.

User interface changes

None

API changes

None

Data model changes

None

Release notes snippet
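
For the benchmark called for under "Remaining tasks", the following is an added example, not part of the original issue and not Drupal core code. It assumes the phpass-style stretching loop (SHA-512 of salt plus password, then 2^log2 further SHA-512 rounds); the function names `stretch_password()` and `median_hash_ms()` and the sample password are hypothetical.

```php
<?php
// Added example: times iterated SHA-512 stretching at the log2 counts named
// in the issue. Assumption: the loop mirrors a phpass-style hasher
// (hash = sha512(salt . password), then 2^log2 rounds of
// sha512(hash . password)); it is not copied from core.

/**
 * Stretches a password with 2^$log2 rounds of SHA-512; returns the raw digest.
 */
function stretch_password(string $password, string $salt, int $log2): string {
  if ($log2 < 1 || $log2 > 30) {
    throw new InvalidArgumentException('log2 iteration count out of range');
  }
  $count = 1 << $log2;
  $hash = hash('sha512', $salt . $password, TRUE);
  do {
    $hash = hash('sha512', $hash . $password, TRUE);
  } while (--$count);
  return $hash;
}

/**
 * Returns the median wall-clock milliseconds for one hash at $log2.
 */
function median_hash_ms(int $log2, int $runs = 5): float {
  $salt = random_bytes(8);                     // constructed sample salt
  $password = 'correct horse battery staple';  // constructed sample password
  stretch_password($password, $salt, $log2);   // warm-up run, not timed
  $samples = [];
  for ($i = 0; $i < $runs; $i++) {
    $start = hrtime(TRUE);                     // monotonic clock, nanoseconds
    stretch_password($password, $salt, $log2);
    $samples[] = (hrtime(TRUE) - $start) / 1e6;
  }
  sort($samples);
  return $samples[intdiv($runs, 2)];
}

// Candidates from the issue: the current value 16 and the proposed 17 or 18.
printf("PHP %s on %s\n", PHP_VERSION, php_uname('m'));
foreach ([16, 17, 18] as $log2) {
  printf("log2=%d  iterations=%d  median=%.1f ms\n",
    $log2, 1 << $log2, median_hash_ms($log2));
}
```

Each step up in the log2 value doubles the number of rounds, so the median time should roughly double from one row to the next. Run it on the same PHP version and hardware class as the web servers that handle logins, since that is the cost every login pays.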

