You should never store passwords anywhere. If you think about it, the password itself is not needed for authentication. Let's consider the simplest approach: you apply a cryptographic hash function (http://en.wikipedia.org/wiki/Cryptographic_hash_function) to a password and store its hashed version only.
When the user supplies a password for authentication, you apply the same exact hash function to it and compare the hashed data. Due to the properties of cryptographic hash functions, nobody can reverse it to obtain the original password, so it is kept private to the user.
Warning! Do not use MD5, as it has been found to be broken. See http://en.wikipedia.org/wiki/MD5. Use one of the functions from the SHA family; see http://en.wikipedia.org/wiki/SHA-2. Those functions are well implemented in .NET; see what's available here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm%28v=VS.100%29.aspx.
Of course you can apply more "serious" encryption to the passwords, but the main idea is: you never store the original passwords, and you don't know them; only the users know.
—SA
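A worked .NET version of the store-only-the-hash scheme described in the answer above, added here as an editor's example (it is not code from the original post). Rather than hashing the raw password with a bare SHA-256 call, it derives the stored value with PBKDF2 over SHA-256 (System.Security.Cryptography.Rfc2898DeriveBytes) using a random per-user salt and a deliberately slow iteration count, so that two users with the same password get different records and an attacker who steals the table cannot use precomputed digests or cheaply brute-force it. The verification step compares digests in constant time. The record layout "iterations$salt$hash", the iteration count, and the Main driver are assumptions made for this example; Rfc2898DeriveBytes with a HashAlgorithmName argument needs .NET Framework 4.7.2 / .NET Core 2.0 or later, and CryptographicOperations.FixedTimeEquals needs .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not from the original post: salted, iterated password hashing in .NET.
public static class PasswordStore
{
    private const int SaltSize = 16;         // 128-bit random salt, unique per stored password
    private const int HashSize = 32;         // 256-bit derived value
    private const int Iterations = 600_000;  // assumption: tune so one derivation costs ~100 ms on your server

    // Produces a self-describing record "iterations$base64(salt)$base64(hash)".
    // The record format is this example's own choice, not a .NET convention.
    public static string Hash(string password)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);  // cryptographically random salt; never reuse a fixed one
        }

        byte[] hash;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            hash = kdf.GetBytes(HashSize);  // PBKDF2-HMAC-SHA256
        }

        return Iterations + "$" + Convert.ToBase64String(salt) + "$" + Convert.ToBase64String(hash);
    }

    // Re-derives the hash from the supplied password and the stored salt/iteration count,
    // then compares in constant time so timing cannot reveal how many bytes matched.
    public static bool Verify(string password, string storedRecord)
    {
        string[] parts = storedRecord.Split('$');
        if (parts.Length != 3) return false;  // malformed record: treat as a failed login, never as a match

        int iterations;
        if (!int.TryParse(parts[0], out iterations) || iterations < 1) return false;

        byte[] salt, expected;
        try
        {
            salt = Convert.FromBase64String(parts[1]);
            expected = Convert.FromBase64String(parts[2]);
        }
        catch (FormatException)
        {
            return false;
        }

        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
        {
            actual = kdf.GetBytes(expected.Length);
        }

        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    public static void Main()
    {
        // Constructed sample input for the demonstration.
        string record1 = PasswordStore.Hash("correct horse battery staple");
        string record2 = PasswordStore.Hash("correct horse battery staple");

        Console.WriteLine("stored: " + record1);
        // Same password, different salt, so the stored records differ.
        Console.WriteLine("records differ: " + (record1 != record2));
        Console.WriteLine("right password: " + PasswordStore.Verify("correct horse battery staple", record1));
        Console.WriteLine("wrong password: " + PasswordStore.Verify("Correct horse battery staple", record1));
        Console.WriteLine("garbage record: " + PasswordStore.Verify("anything", "not-a-record"));
    }
}
```

Only the record string is persisted; the password itself exists in memory for the duration of the derivation and is never written anywhere, which is the point the answer above is making. Storing the iteration count inside the record lets you raise it later for new passwords while old records still verify.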