It's real easy: use HTTPS for accessing websites, and AES-encrypt fields before they're written to the database. Heck, we have to do that now for credit card information due to PCI compliance requirements, which everyone who accepts payment information is bound by through a chain of contract law. So for the credit card information, I write all the fields to the database twice, in two columns: once as a hash, using SHA2-512 (a salted hash, of course), and once encrypted with AES-256. The reason we're storing the password hashed as well as encrypted is so you can search it, because searching encrypted values is essentially a SELECT * -> foreach -> decrypt, which is stupid.
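The two-column layout described above, as an added Go example that is not the poster's code: a keyed HMAC-SHA512 stands in for the "salted" hash (deterministic, so an equality lookup works), the same field is stored AES-256-GCM encrypted, and a map stands in for the table. The keys and the card number are constructed placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// Constructed example, not the poster's code; both keys are placeholders (real ones live in a KMS).
// hashKey is the secret "salt" every row shares: a random per-row salt would break equality search.
var (
	hashKey  = []byte("constructed-hash-key")
	aesKey   = make([]byte, 32)        // 32 bytes selects AES-256
	table    = map[string][]byte{}     // stands in for the DB table: hash column -> encrypted column
	block, _ = aes.NewCipher(aesKey)   // neither call can fail: the key length is fixed just above
	aead, _  = cipher.NewGCM(block)
)

// Index is the searchable column: hex HMAC-SHA512, so equal inputs always hash equal.
func Index(value string) string {
	m := hmac.New(sha512.New, hashKey)
	m.Write([]byte(value))
	return hex.EncodeToString(m.Sum(nil))
}

// Insert writes the field twice: hashed for search, AES-256-GCM encrypted (nonce prefixed) for retrieval.
func Insert(value string) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	table[Index(value)] = aead.Seal(nonce, nonce, []byte(value), nil)
	return nil
}

// Find is the "WHERE hash = ?" lookup: only the matching row is decrypted, never the whole table.
func Find(value string) (string, bool, error) {
	ct, ok := table[Index(value)]
	if !ok {
		return "", false, nil
	}
	pt, err := aead.Open(nil, ct[:aead.NonceSize()], ct[aead.NonceSize():], nil)
	return string(pt), err == nil, err
}

func main() { _ = Insert("4111111111111111"); fmt.Println(Find("4111111111111111")) } // constructed sample card
```

The search only works because the hash is deterministic, so the "salt" has to be one secret key rather than a random per-row value. Card numbers come from a small space, so that key must be protected as carefully as the AES key or the hash column can be brute-forced offline.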