Plaintext passwords never touch our database. Expiring everyone's passwords was a security precaution given the fact that our non financial customer data was compromised in the first place. I can't comment on what lib or algorithm we use to encrypt our passwords since I don't work on that team.