Comments by Atlas2002 (Top 1 by date)

Good point regarding passwords. One other point I would add is salting passwords before hashing. If two users have the same password the hash would be the same in the table. Adding salt to the password will create a different hash. One way to do this would use characters out of a user name and inject them into the password, or inject numbers such as a Date of Birth. This will give you more characters to your password and (assuming DOB is different) a different hash. If you are looking for something more complex you could derive an encryption key based on their username and use the byte array to inject salt into the password before hashing. Just some thoughts.