The best way I've found to do this is to store a 1-way hash of the password.
There is a method within the forms authentication class: FormsAuthentication.HashPasswordForStoringInConfig File
The idea is that when the user creates the account, you hash the password and store that. Then when they log in, you hash the password they entered, get the hashed value from the DB, then compare the two hashed values. Then you don't have to decrypt anything. This is actually more secure, because uses a hash algorithm instead of an encryption algorithm (which will have a matching decryption).