For ussual you dont do save it "encrypted", you better dont save the password
what u should save is, a hash which makes sure the password is correct. (For example md5 base64 encoded string)
To make it more difficult to reproduce it, you save it with "salt & pepper"
for example you save also the timestamp when he set the password, (or his create date or whatever, you only must make sure you can access it any time)
and some static string
like
then u save the hash + timestamp to database, then on login, you fetch from database the timestamp + the hash, create the hash with the timestamp and the password the user have insert and compare it against your hashCode:function getHash(string password, DWORD timestamp): string; begin result := base64_encode(md5(password + toString(timestamp) + 'my Pepper String')); end;