In Haven, I had a whole bunch of code related to passwords. I spent a great deal of effort to apply some encryption filters to the passwords that I stored in the savefile, and would dutifully decrypt those passwords in order to check to see if what the user typed in was accurate.

Then I realised the industry standard is to store the hash of the password and not the password itself, such that you don't have to worry about storing the password at all. If their password hash evaluates the same, they typed the same password.

Duh.

If anyone else is storing passwords in their games, make good use of md5() to hash the passwords and store the hashes. Don't bother attempting encryption/decryption, and never store the passwords themselves.