If you use the built-in authentication in ASP.NET, its a good idea to use Hashed or Encrypted passwords. The issue with using Hashed passwords is that you cannot use the built-in password retrieval methods for retrieving the passwords. If you use Encrypted passwords, you’ll need to configure a machineKey node in the web.config (MSDN How To). The reason being, you’ll receive the following message: You must specify a non-autogenerated machine key to store passwords in the encrypted format. Either specify a different passwordFormat, or change the machineKey configuration to use a non-autogenerated decryption key. Be sure to follow the MSDN How To that I linked to above to generate your keys.