Not a complete answer, but there are some notes on passwords here:
Password Storage: How to do it.[
^]
You also want to look at avoiding SQL Injection attacks by making absolutely sure you use Parametrized queries:
MSDN can help[
^]
Above all, remember that universities are full of
<shudder>
students
</shudder>
- possibly the laziest people on the planet, except when it comes to making other people's lives a misery. They will try to destroy your app so you need to be careful to check, check, check and then use exception handling anyway. Oh, and test everything! Three times.