diff --git a/core/core.services.yml b/core/core.services.yml
index ac24e17..7ad2249 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -337,15 +337,8 @@ services:
 path.crud:
 class: Drupal\Core\Path\Path
 arguments: ['@database', '@module_handler']
-# The argument to the hashing service defined in services.yml, to the
-# constructor of PhpassHashedPassword is the log2 number of iterations for
-# password stretching.
-# @todo increase by 1 every Drupal version in order to counteract increases in
-# the speed and power of computers available to crack the hashes. The current
-# password hashing method was introduced in Drupal 7 with a log2 count of 15.
 password:
 class: Drupal\Core\Password\PhpassHashedPassword
- arguments: [16]
 mime_type_matcher:
 class: Drupal\Core\Routing\MimeTypeMatcher
 tags:
diff --git a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
index 0f943a4..8b11841 100644
--- a/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
+++ b/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
@@ -8,6 +8,7 @@
 namespace Drupal\Core\Password;
 use Drupal\Component\Utility\Crypt;
+use Drupal\Component\Utility\Settings;
 use Drupal\user\UserInterface;
 /**
@@ -38,9 +39,13 @@ class PhpassHashedPassword implements PasswordInterface {
 static $ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
 /**
+ * Password stretching iteration count.
+ *
 * Specifies the number of times the hashing function will be applied when
 * generating new password hashes. The number of times is calculated by
 * raising 2 to the power of the given value.
+ *
+ * @var int
 */
 protected $countLog2;
@@ -48,12 +53,18 @@ class PhpassHashedPassword implements PasswordInterface { * Constructs a new phpass password hashing instance. * * @param int $countLog2 - * Password stretching iteration count. Specifies the number of times the - * hashing function will be applied when generating new password hashes. - * The number of times is calculated by raising 2 to the power of the given - * value. + * (optional) A custom password stretching iteration count. */ - function __construct($countLog2) { + function __construct($countLog2 = NULL) { + // Compute the default log2 number of iterations for password stretching. + // Increased by 1 for every Drupal major version in order to counteract + // increases in the speed and power of computers available to crack hashes. + // The current password hashing method was introduced in Drupal 7 with a + // log2 count of 15. + if (!isset($countLog2)) { + $countLog2 = Settings::getSingleton()->get('password_hash_iterations', 16); + } + // Ensure that $countLog2 is within set bounds. $this->countLog2 = $this->enforceLog2Boundaries($countLog2); } diff --git a/core/modules/simpletest/lib/Drupal/simpletest/DrupalUnitTestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/DrupalUnitTestBase.php index 1975466..46cf299 100644 --- a/core/modules/simpletest/lib/Drupal/simpletest/DrupalUnitTestBase.php +++ b/core/modules/simpletest/lib/Drupal/simpletest/DrupalUnitTestBase.php @@ -266,10 +266,6 @@ public function containerBuild(ContainerBuilder $container) { $definition->clearTag('path_processor_inbound')->clearTag('path_processor_outbound'); } - if ($container->hasDefinition('password')) { - $container->getDefinition('password')->setArguments(array(1)); - } - $request = Request::create('/'); $this->container->set('request', $request); } diff --git a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php index 8e452d5..cad6589 100644 
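Review bot: In PhpassHashedPassword::__construct(), the value returned by `Settings::getSingleton()->get('password_hash_iterations', 16)` goes straight into `enforceLog2Boundaries()` with no type check, so a mistyped or non-numeric entry in the site settings sets the stretching cost of every new hash, and how the clamp treats such a value is not visible in this diff. I would cast it first, `$countLog2 = (int) Settings::getSingleton()->get('password_hash_iterations', 16);`, and extend the `@param` text to say that a NULL argument falls back to the `password_hash_iterations` setting and then to 16. Because the work factor can now be lowered site-wide from configuration, it is worth confirming that the rehash-on-login check (outside this diff) only ever upgrades a stored hash and never re-hashes it at a lower count. The literal 16 is repeated in UserLoginTest::testPasswordRehashOnLogin(); one class constant for the default would keep the two from drifting when the value is next raised.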
--- a/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/TestBase.php
@@ -1093,6 +1093,15 @@ private function prepareEnvironment() {
 drupal_valid_test_ua($this->databasePrefix);
 conf_path(FALSE, TRUE);
+ // Reset settings.
+ new Settings(array(
+ 'hash_salt' => $this->databasePrefix,
+ // Use the minimum allowed iterations for hashing passwords.
+ // Only overridden here, since most user accounts are created
+ // programmatically in the test runner process.
+ 'password_hash_iterations' => 1,
+ ));
+
 drupal_set_time_limit($this->timeLimit);
 }
diff --git a/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php
index 33ab74c..5540523 100644
--- a/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php
+++ b/core/modules/user/lib/Drupal/user/Tests/UserLoginTest.php
@@ -7,8 +7,8 @@
 namespace Drupal\user\Tests;
+use Drupal\Component\Utility\Settings;
 use Drupal\simpletest\WebTestBase;
-use Drupal\Core\Password\PhpassHashedPassword;
 /**
 * Functional tests for user logins, including rate limiting of login attempts.
@@ -104,7 +104,12 @@ function testPerUserLoginFloodControl() {
 */
 function testPasswordRehashOnLogin() {
 // Determine default log2 for phpass hashing algorithm
+ // @see \Drupal\Core\Password\PhpassHashedPassword
 $default_count_log2 = 16;
+ // @see \Drupal\simpletest\TestBase::prepareEnvironment()
+ $settings = Settings::getSingleton()->getAll();
+ $settings['password_hash_iterations'] = $default_count_log2;
+ new Settings($settings);
 // Retrieve instance of password hashing algorithm
 $password_hasher = $this->container->get('password');
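Review bot: In TestBase::prepareEnvironment(), the bare `new Settings(array(...))` statement discards its result, so it only works if the constructor registers the new object as the instance returned by `Settings::getSingleton()`; that is what the rest of the patch appears to rely on, but a reader will take the line for dead code. A comment such as `// Instantiating Settings replaces the global singleton; the object itself is not needed.` would make the side effect explicit. This diff adds no `use Drupal\Component\Utility\Settings;` to TestBase.php, so check that the import already exists, otherwise the name resolves inside `Drupal\simpletest`. The comment should also say that `'hash_salt' => $this->databasePrefix` and an iteration value of `1` are test-only and that `1` presumably becomes valid only through the clamp in PhpassHashedPassword::__construct(), so nobody copies them into a real settings file. prepareEnvironment() starts above the hunk.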
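Review bot: In UserLoginTest::testPasswordRehashOnLogin(), the settings override is applied immediately before `$this->container->get('password')`, but the hasher reads `password_hash_iterations` only in its constructor, so if the `password` service was already instantiated in this container it would still carry the runner's value of 1 and the later assertions would compare against the wrong count. Asserting the hasher's effective count against `$default_count_log2` right after fetching the service, before any hashing, would turn that into a visible failure. The replaced global settings are not restored within the visible lines; if the remainder of the test does not do it, the original array from `getAll()` should be kept and put back with `new Settings($original);` at the end. The function body continues below the hunk.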