All passwords are hashed before being stored. A hash is a one-way function that transforms an input into a jumbled output. Hacking software often utilizes brute force attacks to try every single combination of characters to crack a password.
There are a few factors used to compute how long a given password will take to brute force. To compute the time it will take, you must know the length of the password, the character set used, and how many hashes can be checked every second.
The moral of the story is that passwords should be at least 10 characters long and include a mix of numbers, lowercase letters, uppercase letters and symbols.
For more information on this topic, click here.