I have no code to post as this is just a general question.
I currently have a web site where I have authentication setup. I have members of the site and I store their credentials in a database. This works perfectly fine. Common sense applies here and I do know that I shouldn't store user information as plain text. However, as I was researching things, I saw that hashing strings something quite easy to do. Throughout my development I saw that there is also a way to de-hash these passwords which led me to this question. Is just hashing the password enough? Should I be doing some kind of encryption along with it? What is the best practice? I haven't found any good information on the web...
string dec = FormsAuthentication.HashPasswordForStoringInConfigFile(Login1.Password, "SHA1");
Thanks in advance for any helpful input.