>We had a discussion recently in the team about how long a password should be. Some would say the longer the better. Well, while this may be good as an answer, I would be curious to know, before encryption, what length you usually have in your application for the member's table password.
You shouldn't really be storing the password itself (or even the encrypted password), but rather a hash of the password. And ideally another field for the salt. So if you used something like SHA1 you'd need a field that could store 160 bits (SHA1 is fixed size, regardless of the input string). I'd probably use something like a GUID for the salt (each user record gets its own unique salt), then store HASH(Salt + Password) in the database. Now the user can enter any length password they like and your code will still work.
As far as password policies go, I usually just use whatever password KeePass automatically generates; it appears it's a 20 character string with upper/lower case, numbers, and special characters. Or if it's a password I really need to remember I tend to use pass phrases with odd case changes and/or alt. characters.
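The storage layout the answer describes, as an added example that is not the poster's code: a fresh GUID salt per user record, HASH(Salt + Password) stored beside it, and verification by recomputing the hash. A Python dict stands in for the members table row, and the hash algorithm is the SHA1 the answer names (selectable so the fixed width can be seen for other digests).

```python
import hashlib
import hmac
import uuid

# Added example, not from the original answer. Demonstrates that the stored
# digest has a fixed width set by the algorithm (160 bits for sha1), no matter
# how long the password is, so the column size never depends on the password.


def make_record(password: str, algo: str = "sha1") -> dict:
    """Build a 'members table' row: unique GUID salt plus HASH(salt + password)."""
    salt = str(uuid.uuid4())  # one unique salt per user record, as the answer suggests
    digest = hashlib.new(algo, (salt + password).encode("utf-8")).hexdigest()
    return {"salt": salt, "hash": digest, "algo": algo}


def verify(record: dict, attempt: str) -> bool:
    """Recompute HASH(salt + attempt) and compare it to the stored hash in constant time."""
    candidate = hashlib.new(
        record["algo"], (record["salt"] + attempt).encode("utf-8")
    ).hexdigest()
    return hmac.compare_digest(candidate, record["hash"])


def stored_hash_bits(record: dict) -> int:
    """Width of the stored digest in bits (4 bits per hex character)."""
    return len(record["hash"]) * 4


if __name__ == "__main__":
    short = make_record("hunter2")
    long_ = make_record("correct horse battery staple " * 8)
    # Both rows need the same column width even though the inputs differ wildly.
    print(stored_hash_bits(short), stored_hash_bits(long_))
    print(verify(short, "hunter2"), verify(short, "Hunter2"))
```

A plain single-pass digest such as SHA1 is fast to brute-force offline; a deliberately slow password hash (PBKDF2, bcrypt, scrypt or Argon2) keeps the same fixed-width storage property and is what a current deployment should use.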