How? Encrypt and Decrypt user membership passwords in ASP.NET

Question

We are creating a new site using ASP.NET membership provider for user registration and log in. Our old system encrypted user passwords so that we could recover them if we ne

Answer 1

Storing passwords in recoverable format is a very poor idea. If you can recover them so can anyone who breaks into your server.

You're better off using a standard hash+salt approach and having a password reset mechanism to handle the case where users forget their password.