In my experience, any data that doesn't actually have to viewed again, doesn't need to (and shouldn't) be decrypted. For passwords, what you do is use a one-way hash. You store the hash value of the password. When you need to verify the password, you hash what was entered and compare the result with the stored hash. A hash is always unique for a unique set of bits.
ASP.NET has a build in method for this:
System.Web.Security.FormsAuthentication.HashPasswo rdForStoringInConfigFile(<password string>, <hash type string>)
The available hash types are "MD5" and "SHA". I don't really know the difference between them, but there's plenty of documentation out there on them.