You don't have to decrypt a password: it is unsafe and absolutely not needed for authentication.
You should never ever store passwords in their original form. If you think about it: you never need them for authentication, as you can always compare ciphered log-in password with you stored ciphered password. With public-key cryptography, you also don't have to store a private key (which is a ciphering key in this case; knowledge of a public key helps to decipher, but not cipher).
You can also store cryptographic hash of the password. In this case, you store only the hashed form of the password, not its original form which should be known only to the use and no one else, not matter what access to the system other people have. You need to compare hash with hash during authentication.
For strong ciphering I would advice RSA, see
http://en.wikipedia.org/wiki/RSA[
^], use System.Security.Cryptography.RSA, System.Security.Cryptography.RSACryptoServiceProvider, see
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa.aspx[
^]. You need to understand Public-key Cryptography, see
http://en.wikipedia.org/wiki/Public-key_cryptography[
^].
For the Cryptographic Hash approach, you need to understand how a
Cryptographic Hash Function work, see
http://en.wikipedia.org/wiki/Cryptographic_hash_function[
^].
For a Cryptographic Hash function, you can use, for example the one from the SHA-2 family, see
http://en.wikipedia.org/wiki/SHA1[
^]. It is implemented in .NET, see
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1.aspx[
^].
Warning:
Do not use MD5! (See
http://en.wikipedia.org/wiki/MD5[
^].) This algorithm is considered "broken", should never be used for any security purposes.
Also, don't use SHA-1 for security purposes — a security flaw was found. Please see
http://en.wikipedia.org/wiki/Sha-1[
^].
—SA
Submit an article or tip