Rule one: Never store passwords in your database.
Think about it: if anyone gets access to your DB, they get access to everyone's passwords. Since many people use the same password for every system, this is a potential major security breach.
Instead, use a hashing function to convert the userID and the password he typed to a hash value (look at SHA - it's in .NET as part of the System.Cryptography namespace, and very easy to use).
Store that instead.
When the user wants to log in, take the UserID he enters, again with the password he typed, and use the same hash function. Compare that with the database version stored for that userID. If they are the same, log him in. If not, tell him he made a mistake.
This way, no one - not even you - can tell what someone's password is.
To check if the new password and the retype password are the same:
if (textboxNewPassword.Text == textboxRetypePassword.Text)
{
    // The two entries match: hash the new password and update the database.
}
To update the password, use the same hashing process, then use the SQL UPDATE command:
// "con" is an open SqlConnection; the parameters keep user input out of the SQL text.
using (SqlCommand com = new SqlCommand("UPDATE usersTable SET password=@PS WHERE userID=@ID", con))
{
    com.Parameters.AddWithValue("@ID", userID);
    com.Parameters.AddWithValue("@PS", myHashedValue);
    com.ExecuteNonQuery();
}