aditya, from a developer perspective, I cannot think of any reason to ever store recoverable passwords in a database. It's just too easy to do a one-way hash.
Okay, there is only one reason, if you are building a system that allows the storage of multiple accounts and passwords that are "re-used" like in some browsers' auto-complete feature. Then the concern is security of the local machine and if you use that technology, you're increasing your personal risk.
In the scenario I mention there, it is absolutely imperative to use an advanced two-way encryption algorithm. In that case, the hacker will need to compromise the database and the code, which should be obfuscated as well so the decryption keys are more difficult to discover.
There are some hackers who will always be able to hack you and some that will never be able to hack you. It's a probability game and you want to reduce the probability as much as possible that anyone will get in...
I have a dozen reasons to have the passwords recoverable - when the angry big customer is having problems with the application and you need to access his account to reproduce the issue while on level 4 support, you really want to have the password straight away, and there are many other scenarios, like when you need to test something on a production server with some real data but cannot get access to any accounts as it takes years in a big corp to have something done.
So from a developer's perspective - as opposed to business/marketing side - I cannot think of any reason to ever store unrecoverable passwords in a database. Makes it easier to implement, easier to restore, easier to maintain, easier to test.