When you do store sensitive information, avoid storing it in human-readable text or in an easily decoded format, such as Base64 encoding. Instead, encrypt the information so that, if it is exposed to an attacker somehow, the attacker cannot easily determine what the sensitive information contains.
If the sensitive information needs only to be verified, never recovered in human-readable form, store a one-way hash of it rather than the value itself (a hash is not encryption; it cannot be reversed, which is the point). Then, when validating a value received from a source, hash the received value and compare the two hashes. For example, if you are using ASP.NET Membership and Forms Authentication to provide user authentication for your application, set the password format to Hashed so that passwords are stored in the data source, and compared during validation, only as one-way hashes.
When storing sensitive information such as connection strings, user credentials, or encryption keys in the Web.config file for an application, encrypt the sensitive sections of the Web.config file using a protected configuration provider. For more information about protected configuration, see Encrypting Configuration Information Using Protected Configuration.
For more information about using encryption to protect sensitive information, see .NET Framework Cryptography Model.