During the NixOS 22.11 lifecycle old password hashes may need to be updated, because we plan to disable weak password hashes in NixOS 23.05. We consider password hashing methods weak, if the libxcrypt project did not flag them strong. If your system is configured with weak hashes a script will emit a warning during activation. We expect most users accounts to be set up with sha512crypt (hash prefixed with $6$) which we will continue to support. Interactively configured passwords can be updated using passwd, new password hashes can be generated through mkpasswd.