SQL server

Password data encryption.

In many DB systems, I find that the passwords are stored as plain text values. This choice is up to the business owner, but when I am designing the DB, I will always choose to use a one way encryption (a hash) to store password data. A simple way to do this is with the hashbytes function. Example: `select hashbytes('sha1', 'stanley johns');`. This command returns 0xCC3787C9B3FE31F2C78411DF441C502D3156DF02. SHA1 stands for Secure Hash Algorithm. SHA1 is one way: once the data has been hashed, it 'cannot' be turned back into the original value. Be careful not to use this technique to store data that you will need to retrieve or view later.

You may be wondering how to check whether entered data matches the stored data if you cannot decrypt the stored data, for example when checking an entered password against the stored password hash. This is achieved by creating a hash of the entered password and comparing that hash with the stored password hash. If both hashes match, then the data is the same!
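The following is an added T-SQL example, not code from the original post, showing the store-then-compare approach described above. It goes one step beyond the post by keeping a random per-user salt next to the hash (so two users with the same password get different hashes, and precomputed hash tables do not apply) and by using SHA-256 through `HASHBYTES('SHA2_256', ...)`, which requires SQL Server 2012 or later; on older versions the post's `'sha1'` argument works the same way with a 20-byte result. The table name `dbo.AppUser`, the procedure `dbo.SetPassword` and the function `dbo.CheckPassword` are names chosen for this example.

```sql
-- Added example (not from the original post): store a per-user random salt and
-- a SHA-256 hash instead of the plain-text password, then verify a login by
-- re-hashing the entered password and comparing the two hashes.
CREATE TABLE dbo.AppUser (
    UserName     NVARCHAR(64)  NOT NULL PRIMARY KEY,
    PasswordSalt VARBINARY(16) NOT NULL,   -- random, unique per user
    PasswordHash VARBINARY(32) NOT NULL    -- SHA-256 of salt + password bytes
);
GO

-- Store (or reset) a password: draw a fresh salt, hash salt + password, keep both.
-- CRYPT_GEN_RANDOM is allowed here because this is a procedure, not a function.
CREATE PROCEDURE dbo.SetPassword
    @UserName NVARCHAR(64),
    @Password NVARCHAR(128)
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @Salt VARBINARY(16) = CRYPT_GEN_RANDOM(16);
    DECLARE @Hash VARBINARY(32) = HASHBYTES('SHA2_256',
        @Salt + CAST(@Password AS VARBINARY(256)));

    MERGE dbo.AppUser AS t
    USING (SELECT @UserName AS UserName) AS s ON t.UserName = s.UserName
    WHEN MATCHED THEN
        UPDATE SET PasswordSalt = @Salt, PasswordHash = @Hash
    WHEN NOT MATCHED THEN
        INSERT (UserName, PasswordSalt, PasswordHash)
        VALUES (@UserName, @Salt, @Hash);
END
GO

-- Check a login attempt: hash the entered password with the stored salt and
-- compare against the stored hash. Returns 1 on a match, 0 otherwise
-- (including when the user does not exist). The plain-text password is never
-- written to the table and cannot be recovered from the hash.
CREATE FUNCTION dbo.CheckPassword (@UserName NVARCHAR(64), @Password NVARCHAR(128))
RETURNS BIT
AS
BEGIN
    DECLARE @Ok BIT = 0;
    IF EXISTS (
        SELECT 1
        FROM dbo.AppUser
        WHERE UserName = @UserName
          AND PasswordHash = HASHBYTES('SHA2_256',
                PasswordSalt + CAST(@Password AS VARBINARY(256)))
    )
        SET @Ok = 1;
    RETURN @Ok;
END
GO

-- Usage with constructed sample values: the first call matches, the second does not.
EXEC dbo.SetPassword @UserName = N'stanley', @Password = N'correct horse';
SELECT dbo.CheckPassword(N'stanley', N'correct horse')  AS MatchGood,
       dbo.CheckPassword(N'stanley', N'wrong password') AS MatchBad;
```

The `CAST(... AS VARBINARY)` on both the store and check sides guarantees the same byte encoding (UTF-16LE for `NVARCHAR`) goes into `HASHBYTES` each time; mixing `VARCHAR` and `NVARCHAR` between the two sides would produce different hashes for the same password. A plain SHA-256 of salt + password is still a fast hash, so a slow, purpose-built password hash computed in the application tier is the stronger option where that is available; the pattern above is the closest equivalent that stays entirely inside SQL Server.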


