Passwords are stored as hashes, to get a hash you take your password and do math on it to randomize it, the hash can’t be reversed, and the data of your account is now locked with the hash, since you can’t reverse it, hackers can’t guess your password, they either use phishing or they get a hold of the website’s database, which stores the hashes, or sometimes plain text passwords.