You should never store passwords in plain-text, encrypted or not, you should always use a one-way cryptographic hash like bcrypt [0], scrypt [1], or PBKDF2 [2], combined with a single use salt [3] and optionally a pepper [4], and then store the output of the hash in the database.

To confirm a user supplied password matches you run input into the same hash function again with the salt+pepper and compare it to the value in the database.

That way if the database is stolen, the attacker cannot recover the contents of the passwords without brute forcing them. Encrypting passwords is not recommended because too often attackers are able to recover the encryption keys during the same attack where the password data is extracted.

[0] https://en.wikipedia.org/wiki/Bcrypt

[1] https://en.wikipedia.org/wiki/Scrypt

[2] https://en.wikipedia.org/wiki/PBKDF2

[3] https://en.wikipedia.org/wiki/Salt_(cryptography)

[4] https://en.wikipedia.org/wiki/Pepper_(cryptography)