The function leaves out the PortalSecurity.Encrypt method which causes the password to save correctly to the database. It should be written like this. void UpdateUser_Click(Object sender, EventArgs e) { // update the user record in the database UsersDB users = new UsersDB(); users.UpdateUser(userId, Email.Text, PortalSecurity.Encrypt(Password.Text)); // redirect to this page with the corrected querystring args Response.Redirect("~/Admin/ManageUsers.aspx?userId=" + userId + "&username=" + Email.Text + "&tabindex=" + tabIndex + "&tabid=" + tabId); } the original code was void UpdateUser_Click(Object sender, EventArgs e) { // update the user record in the database UsersDB users = new UsersDB(); users.UpdateUser(userId, Email.Text, Password.Text); // redirect to this page with the corrected querystring args Response.Redirect("~/Admin/ManageUsers.aspx?userId=" + userId + "&username=" + Email.Text + "&tabindex=" + tabIndex + "&tabid=" + tabId); }