I am looking for some advice and best practices for storing user passwords in a SQL server database. I am developing an SSO application and need to store user names and passwords for users. I have secured the server physically, and followed the recommendations for securing the SQL server, however, I need some advice on the best way in which to store passwords? Should I encrypt the passwords before I store them in the database? If so, what is a good standard?
Thank you for any advice.