All hash functions - except perfect hash functions - have collisions, because hashing normally maps a larger set of inputs to a smaller set of outputs.
That being said, mod 10 is an awful function for hashing passwords as the amount of collisions are unacceptable in practice.
Apart from that, it is also unacceptable because it is too fast, and because it is incredibly easy to find a matching input (because you can just use the hash as password, it will always match). You can also not really reduce collisions by increasing the divisor. If you would eg set it to 1000, all input less than 1000 wouldn't actually change.
This is a nice example that not all hash functions are acceptable as cryptographic hash functions.
Cryptographic hash functions need to be preimage resistance, second preimage resistance, and collision resistance.
mod is none of those:
- Pre-image resistance: Given a hash h, it should be difficult to find any password p such that h = h(p). It's not. p = h will always work.
- Second pre-image resistance: Given a password p1, it should be difficult to find another password p2 such that h(p1) = h(p2). It's not. p2 = p1 + divisor will work.
- Collision resistance: It should be difficult to find two passwords p1 and p2 such that h(p1) = h(p2). It's obviously not, given the two previous points.
For acceptable functions, see How to securely hash passwords?.
