When you are using the built-in SIGNL4 custom authentication (email/password pair), your password is stored as hashed value only. We use SHA512 which is the highest encryption option in SHA-2.
You can change your password in the mobile App and in the Web portal.
We provide a first-time password via email for convenience reasons (hashed storage too!). You can change this password any time later in the mobile app and the Web portal, which is recommended. Sending this first-time password via email is secure and encrypted if your mail server supports secure SMTP (TLS) which is our default way of communicating.
The password complexity requirements have been increased for security reasons. The criteria for valid passwords are now very transparently displayed on the signup page and must also be observed when changing passwords (web interface or mobile app).