Deprecate NoOpPasswordEncoder

Issue: gh-2776

Author: rwinch

crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java

@@ -16,11 +16,19 @@
 package org.springframework.security.crypto.password;
 
 /**
+ * This {@link PasswordEncoder} is provided for legacy and testing purposes only and is
+ * not considered secure.
+ *
  * A password encoder that does nothing. Useful for testing where working with plain text
  * passwords may be preferred.
  *
  * @author Keith Donald
+ * @deprecated Digest based password encoding is not considered secure. Instead use an
+ * adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
+ * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
+ * password upgrades.
  */
+@Deprecated
 public final class NoOpPasswordEncoder implements PasswordEncoder {
 
 	public String encode(CharSequence rawPassword) {