Not a complete answer, but there are some notes on passwords here: Password Storage: How to do it.
You also want to look at avoiding SQL Injection attacks by making absolutely sure you use Parametrized queries: MSDN can help
Above all, remember that universities are full of
- possibly the laziest people on the planet, except when it comes to making other people's lives a misery. They will try to destroy your app so you need to be careful to check, check, check and then use exception handling anyway. Oh, and test everything! Three times.