Can I be flippant and risk down votes by saying don't?
Best way to avoid your usernames and passwords getting hacked. Don't store them in the first place.
Use a federated authentication like Facebook Connect (oAuth) or Google Open-ID. I write more on the benefits here.
