How to store passwords (of your website’s users), you wonder? There has never been a simpler question in website security, with such a straightforward answer:
Never-ever store passwords
Store hashes of your users’ passwords, never the passwords themselves. It doesn’t matter whether you planned on keeping them in a file or in a database table, in plain text (…yes, there have been cases, some notorious) or reversibly encrypted. Forget all that. Just use good password hashes, always. Strictly speaking, hashing is not encryption: a cryptographic hash is a one-way function, meaning the result (the hash) cannot be used to recover the original text, whereas encryption is reversible, the ciphertext can be decrypted back to the original using the key. Encrypted passwords are only as safe as that key, and the key has to sit on the same server that performs the login check, so an attacker who reads the table can usually read the key too. Note also that “good password hash” does not mean a bare MD5 or SHA-256 of the password: those functions are fast by design and fall to dictionary and precomputed-table attacks. A good password hash combines a random per-user salt with a deliberately slow, tunable function (bcrypt, scrypt, Argon2 or PBKDF2) and stores the salt and the cost parameters alongside the digest.
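As an added example (mine, not code from the original post), here is what “good password hashes” look like in practice using only Python’s standard library: a random per-user salt, a slow key-derivation function (PBKDF2-HMAC-SHA256 here; bcrypt, scrypt or Argon2 are equally valid choices), the parameters stored with the digest so they can be raised later, and a constant-time comparison at login. The iteration count, salt length, record format and wordlist are assumptions chosen for the example. For contrast, the second half shows why an unsalted fast hash is not a password hash: one precomputed table cracks every matching record in a dump.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed parameters for this example. 600,000 PBKDF2-HMAC-SHA256 iterations
# matches current OWASP guidance; the count is stored with every record so it
# can be raised later without invalidating existing hashes.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.

    A fresh random salt is drawn on every call, so two users with the same
    password end up with different stored values.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt/parameters; compare in constant time."""
    try:
        algo, iter_str, salt_hex, digest_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        iterations = int(iter_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: a failed login, never a crash
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True if the record was made with fewer iterations than now required.

    Call this right after a successful login, when the plaintext is known,
    and store hash_password(password) to upgrade old records transparently.
    """
    try:
        _algo, iter_str, _salt, _digest = stored.split("$")
        return int(iter_str) < iterations
    except ValueError:
        return True


# --- Why a bare fast hash is not a "password hash" ---------------------------

# Constructed wordlist standing in for the leaked-password lists attackers use.
WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2", "correcthorse"]


def unsalted_sha256(password: str) -> str:
    """The anti-pattern: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def crack_unsalted(stored_hashes: list[str]) -> dict[str, str]:
    """Recover every password in stored_hashes that appears in WORDLIST.

    Without a salt the hash of "password" is identical for every user and every
    site, so the table is computed once and each record costs a single lookup.
    """
    table = {unsalted_sha256(w): w for w in WORDLIST}
    return {h: table[h] for h in stored_hashes if h in table}


if __name__ == "__main__":
    record = hash_password("hunter2")
    print(record)
    print("login ok:", verify_password("hunter2", record))
    print("wrong pw:", verify_password("hunter3", record))
    leaked = [unsalted_sha256("hunter2"), unsalted_sha256("letmein")]
    print("cracked from unsalted dump:", crack_unsalted(leaked))
```

The record format carries everything the verifier needs, so the iteration count can be raised in one place and old rows upgraded on the user’s next login via `needs_rehash`. Against the salted, slow records the table trick no longer works: the attacker must run the full PBKDF2 cost per candidate per user.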
The main argument against this extremely healthy practice is the difficulty in recovering a lost password: you won’t be able to send the user their password in plain text, because you cannot get it yourself (one-way function, remember?). This is actually a good thing! E-mailing a password in the clear hands it to anyone who can read the user’s mailbox, and it tells the user that you had it to send. The proper replacement is a reset flow: e-mail a random, single-use, time-limited token and let the user choose a new password.
That’s all there is to it regarding password storage, really. Don’t waste your time, and don’t risk your system’s security, messing around with a “better” solution for the sake of convenience. Do yourself a favor and simply accept the above as axiomatic.