Migrate destination: entity:user
The migrate destination
entity:user lets you migrate into user entities.
If the incoming passwords are MD5 hashed (and so are Drupal <= 6 passwords but also many, many other legacy CMSs) you'll have to tell this using the configuration
md5_passwords: true. Such destination section would look like:
destination: plugin: entity:user md5_passwords: true
Note that when a user is saved and the password doesn't comply the Drupal hashing standards it is salted and re-hashed. If the incoming passwords are not plain or are not MD5 hashed you'll have to deal with this in your migration or, as a fallback, force users on the destination site to change their password on the first login.